CVE-2009-3425

Name of the Vulnerable Software and Affected Versions MaxCMS version 3.11.20b

Description The issue allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS root parameter. This is a result of a directory traversal vulnerability in the includes/inc.thcms admin dirtree.php file.

Recommendations For MaxCMS version 3.11.20b, as a temporary workaround, consider restricting access to the thCMS root parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.