CVE-2008-0435

Name of the Vulnerable Software and Affected Versions OZJournals version 2.1.1

Description A directory traversal issue exists, allowing remote attackers to read parts of arbitrary files. This is achieved by using a .. (dot dot) in the id parameter within a "printpreview" action.

Recommendations For OZJournals version 2.1.1, consider restricting access to the id parameter in the "printpreview" action of index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.