PT-2008-2713 · Netopia · Timbuktu Pro
Titon · Published 2008-03-14 · Updated 2018-10-11 · CVE-2008-1117
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Timbuktu Pro version 8.6.5
Description
A directory traversal issue in the Notes feature of Timbuktu Pro allows remote attackers to upload files to arbitrary locations by using a destination filename with a `\` (backslash) character followed by `../` (dot dot slash) sequences. This can potentially be leveraged for code execution by writing to a Startup folder.
Recommendations
For version 8.6.5, consider restricting access to the Notes feature until a fix is available. As a temporary workaround, avoid using the Notes feature to upload files to sensitive locations.
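For software that accepts a sender-supplied destination filename, the class of issue in the description is closed by unifying both separator styles first and then confirming that the resolved path stays inside the receive folder. The sketch below is an added example, not Timbuktu Pro code; `safe_destination`, `RECEIVE_DIR` and the sample names are hypothetical.

```python
import ntpath  # Windows path rules, usable on any platform

# Hypothetical receive folder (an assumption, not a Timbuktu Pro path).
RECEIVE_DIR = r"C:\Users\alice\Received Notes"


def safe_destination(base_dir, supplied_name):
    """Return the resolved path under base_dir, or None if the name is unsafe."""
    if not supplied_name or "\x00" in supplied_name:
        return None
    # Treat "/" and "\" as the same separator before any other check.
    unified = supplied_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(unified)
    # Reject drive letters, UNC prefixes, rooted paths and stream syntax.
    if drive or rest.startswith("\\") or ":" in rest:
        return None
    # Reject any parent-directory component outright.
    if ".." in rest.split("\\"):
        return None
    base = ntpath.normpath(base_dir)
    candidate = ntpath.normpath(ntpath.join(base, rest))
    # Final containment check on the normalized result.
    common = ntpath.commonpath([base, candidate])
    if candidate == base or ntpath.normcase(common) != ntpath.normcase(base):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample names, including the separator mix from the description.
    for name in ["report.txt", "sub/notes.txt", "\\../../outside.txt",
                 "..\\outside.txt", "C:\\Windows\\x.txt"]:
        print(repr(name), "->", safe_destination(RECEIVE_DIR, name))
```
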
Exploit
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Timbuktu Pro