CVE-2008-5883

Name of the Vulnerable Software and Affected Versions mini-pub versions 0.3 and earlier

Description The issue allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. This is related to an absolute path traversal vulnerability in the front-end/dir.php file.

Recommendations For mini-pub versions 0.3 and earlier, avoid using the sDir parameter with full pathnames until a fix is available. As a temporary workaround, consider restricting access to the front-end/dir.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.