PT-2012-3024 · Enigma2 · Enigma2 Webinterface

Todor Donev · Published 2012-02-08 · Updated 2012-02-08 · CVE-2012-1025

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Enigma2 Webinterface versions 1.6.0 through 1.6.8
Enigma2 Webinterface version 1.6rc3
Enigma2 Webinterface version 1.7.0

Description

The issue allows remote attackers to read arbitrary files via a full pathname in the file parameter. This is an absolute path traversal vulnerability in a file in the Enigma2 Webinterface.

Recommendations

For Enigma2 Webinterface versions 1.6.0 through 1.6.8, consider restricting access to the file parameter to minimize the risk of exploitation. For Enigma2 Webinterface version 1.6rc3, avoid using the file parameter with full pathnames until the issue is resolved. For Enigma2 Webinterface version 1.7.0, restrict access to the vulnerable file to prevent arbitrary file reading.
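
A server-side check of the kind the recommendations point to, given here as an added example that is not code from the Enigma2 Webinterface or from this advisory: it confines a client-supplied file value to one directory and rejects full pathnames. The function name, the exception class and the directory layout are assumptions made for illustration.

```python
import os
import tempfile


class PathRejected(ValueError):
    """Raised when a requested path resolves outside the allowed directory."""


def resolve_requested_file(base_dir, requested):
    """Map a client-supplied `file` value to a path inside base_dir, or raise."""
    if not requested or "\x00" in requested:
        raise PathRejected("empty or malformed path")
    # A full pathname is the input described in the advisory. os.path.join()
    # silently discards base_dir when its second argument is absolute, so
    # reject that case explicitly instead of relying on join().
    if os.path.isabs(requested):
        raise PathRejected("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath() collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PathRejected("path escapes base directory")
    return candidate


def demo():
    """Run constructed sample requests against a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "media")          # constructed allowed directory
        os.makedirs(os.path.join(base, "movie"))
        with open(os.path.join(base, "movie", "a.ts"), "w") as fh:
            fh.write("sample")
        outside = os.path.join(root, "secret.txt")  # constructed file outside base
        with open(outside, "w") as fh:
            fh.write("secret")
        for value in ("movie/a.ts", outside, "../secret.txt", "movie/../../secret.txt"):
            label = "<absolute>" if value == outside else value
            try:
                resolve_requested_file(base, value)
                results[label] = "allowed"
            except PathRejected as exc:
                results[label] = str(exc)
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"{value!r}: {outcome}")
```

The explicit absolute-path rejection is kept separate from the containment check so that a rejected full pathname can be logged as its own event.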

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2012-1025

Affected Products

Enigma2 Webinterface