CVE-2009-2180

Name of the Vulnerable Software and Affected Versions Pc4 Uploader versions 10.0 and earlier

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities in the upfiles/index.php file. This can be achieved by using either a .. (dot dot) or an absolute path in the file parameter.

Recommendations For Pc4 Uploader versions 10.0 and earlier, consider restricting access to the upfiles/index.php file until a fix is available. As a temporary workaround, avoid using absolute paths or .. (dot dot) in the file parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.