CVE-2012-2919

Name of the Vulnerable Software and Affected Versions Chevereto version 1.9.1

Description A directory traversal issue exists, allowing remote attackers to determine the existence of arbitrary files by using a .. (dot dot) in the v parameter of the Upload/engine.php file.

Recommendations For Chevereto version 1.9.1, as a temporary workaround, consider restricting access to the Upload/engine.php file until a patch is available. Avoid using the v parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.