CVE-2012-6522

Name of the Vulnerable Software and Affected Versions w-CMS version 2.01

Description A directory traversal issue exists in the getContent function in codes/wcms.php, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the p parameter.

Recommendations For w-CMS version 2.01, consider restricting access to the vulnerable getContent function until a patch is available. As a temporary workaround, avoid using the p parameter in the affected API endpoint until the issue is resolved.