CVE-2010-3468

Name of the Vulnerable Software and Affected Versions Mura CMS versions 5.1 through 5.1.497 Mura CMS versions 5.2 through 5.2.2808 Sava CMS versions 5 through 5.2

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the FILEID parameter to the "tasks/render/file/" endpoint.

Recommendations For Mura CMS versions 5.1 through 5.1.497, update to version 5.1.498 or later. For Mura CMS versions 5.2 through 5.2.2808, update to version 5.2.2809 or later. For Sava CMS versions 5 through 5.2, update to a version later than 5.2, if available. As a temporary workaround, consider restricting access to the "tasks/render/file/" endpoint until a patch is available. Avoid using the FILEID parameter in the affected endpoint until the issue is resolved.