PT-2009-4764 · Cms Chainuk · Cms Chainuk

Elwaux · Published 2009-07-05 · Updated 2017-09-19 · CVE-2009-2333

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CMS Chainuk versions 1.2 and earlier

Description

The issue allows remote attackers to perform directory traversal, enabling them to include and execute arbitrary local files. This can be achieved by sending a .. (dot dot) in specific parameters to various PHP files, including the menu parameter to "admin/admin_menu.php", and the id parameter to "index.php" and "admin/admin_edit.php". Additionally, attackers can delete arbitrary local files by exploiting the id parameter in "admin/admin_delete.php". It is also possible to leverage one of the vectors for static code injection by sending a crafted menu parameter to "admin/admin_menu.php" and then sending an id=../menu.csv request to "index.php".

Recommendations

For CMS Chainuk versions 1.2 and earlier, consider disabling access to the vulnerable PHP files, specifically "admin/admin_menu.php", "index.php", "admin/admin_edit.php", and "admin/admin_delete.php", until a patch is available. Restrict the use of the menu and id parameters in these files to minimize the risk of exploitation. Avoid using the id parameter with a .. (dot dot) sequence in "admin/admin_delete.php" to prevent deletion of arbitrary local files.
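
To check whether the parameters named above are being probed, the following added example (not part of the original advisory and not CMS Chainuk code) scans web access log lines for a .. path segment in the menu or id parameter of the four listed scripts, including URL-encoded forms. It assumes the CMS is served from the web root, a combined-format access log, and underscored script names; the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script -> parameters named in the advisory (underscored file names assumed).
WATCHED = {
    "/index.php": {"id"},
    "/admin/admin_menu.php": {"menu"},
    "/admin/admin_edit.php": {"id"},
    "/admin/admin_delete.php": {"id"},
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_dotdot(value, max_rounds=3):
    """True if value contains a '..' path segment, also after repeated URL-decoding."""
    for _ in range(max_rounds):
        if ".." in re.split(r"[\\/]", value):
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return False

def flag_requests(log_lines):
    """Return (script, parameter, value) for watched requests carrying traversal.
    Only query-string parameters are visible here; POST bodies are not logged."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = WATCHED.get(url.path)
        if not params:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in params and has_dotdot(value):
                hits.append((url.path, name, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2009:10:00:01 +0000] "GET /index.php?id=about HTTP/1.1" 200 812',
    '192.0.2.10 - - [05/Jul/2009:10:00:09 +0000] "GET /index.php?id=notes..2009 HTTP/1.1" 200 640',
    '192.0.2.44 - - [05/Jul/2009:10:02:13 +0000] "GET /index.php?id=../menu.csv HTTP/1.1" 200 431',
    '192.0.2.44 - - [05/Jul/2009:10:02:40 +0000] "GET /admin/admin_edit.php?id=%252e%252e%252fmenu.csv HTTP/1.1" 200 97',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Values are reported as they appear after the web server's single round of decoding, so a double-encoded request shows up with its remaining percent-escapes intact.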

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2009-2333

Affected Products

Cms Chainuk