CVE-2009-1445

Name of the Vulnerable Software and Affected Versions WebPortal CMS version 0.8-beta

Description The issue concerns directory traversal vulnerabilities. Remote attackers can read arbitrary files by using directory traversal sequences in the lang parameter to "libraries/helpdocs/help.php" API endpoint. Additionally, attackers can include and execute arbitrary local files via directory traversal sequences in the error parameter to "index.php" API endpoint.

Recommendations For WebPortal CMS version 0.8-beta, consider restricting access to the lang parameter in the "libraries/helpdocs/help.php" API endpoint and the error parameter in the "index.php" API endpoint to minimize the risk of exploitation. Avoid using these parameters until the issue is resolved.