CVE-2012-2227

Name of the Vulnerable Software and Affected Versions PluXml versions prior to 5.1.6

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the update/index.php file. The vulnerability can be triggered via a ..%2F (encoded dot dot slash) in the default lang parameter.

Recommendations For versions prior to 5.1.6, update to version 5.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the update/index.php file to minimize the risk of exploitation. Avoid using the default lang parameter in the affected API endpoint until the issue is resolved.