CVE-2009-0113

Name of the Vulnerable Software and Affected Versions Joomla! versions 1.5.8 and earlier

Description A directory traversal issue exists in the XStandard component, specifically in attachmentlibrary.php, allowing remote attackers to list arbitrary directories by including a .. (dot dot) in the X CMS LIBRARY PATH HTTP header.

Recommendations For Joomla! versions 1.5.8 and earlier, consider restricting access to the attachmentlibrary.php file in the XStandard component until a patch is available. As a temporary workaround, avoid using the X CMS LIBRARY PATH HTTP header with dot dot (..) sequences to minimize the risk of exploitation.