CVE-2012-3231

Name of the Vulnerable Software and Affected Versions web@all versions prior to the version downloaded on May 30, 2012

Description The issue allows remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information. This can be demonstrated by adding a file to execute arbitrary code via a "do addfile" action to "inc/browser/action.php".

Recommendations For versions prior to the one downloaded on May 30, 2012, update to a version downloaded on or after May 30, 2012, to resolve the issue. As a temporary workaround, consider restricting access to the "inc/browser/action.php" file to minimize the risk of exploitation. Avoid using the "do addfile" action in the affected API endpoint until the issue is resolved.