CVE-2011-4640

Name of the Vulnerable Software and Affected Versions SpamTitan WebTitan versions prior to 3.60

Description The issue allows remote authenticated users to read arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the logs-x.php file. The vulnerability can be triggered by including a .. (dot dot) in the fname parameter within a view action.

Recommendations For versions prior to 3.60, update to version 3.60 or later to resolve the issue. As a temporary workaround, consider restricting access to the logs-x.php file or limiting the view action to authorized users only. Avoid using the fname parameter in the affected logs-x.php file until the issue is resolved.