CVE-2008-7093

Name of the Vulnerable Software and Affected Versions Unica Affinium Campaign version 7.2.1.0.55

Description The issue allows remote attackers to perform directory traversal attacks. This can be achieved in two ways: (1) by creating arbitrary directories or files using a .. (dot dot) in the folder name in the new folder functionality, or (2) by listing arbitrary files via a crafted request to "Campaign/CampaignListener".

Recommendations For Unica Affinium Campaign version 7.2.1.0.55, consider restricting access to the new folder functionality and limiting the ability to send crafted requests to "Campaign/CampaignListener" until a patch is available. As a temporary workaround, restrict the use of the .. (dot dot) sequence in folder names to prevent directory traversal.