PT-2014-2189 · Gilles Lamiral · Domain Technologie Control

Ansgar Burchardt · Published 2014-03-20 · Updated 2014-03-21 · CVE-2011-5273

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Domain Technologie Control (DTC) versions prior to 0.34.1

Description

A directory traversal issue exists, allowing remote authenticated users to execute arbitrary PHP code. This is achieved by including a .. (dot dot) in the pkg parameter within a do install action to dtc/.

Recommendations

For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the do install action or validating the pkg parameter to prevent directory traversal attacks.
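
One way to validate a pkg-style parameter as the workaround suggests, shown as an added example that is not DTC's own code. The function name `resolve_package_dir`, the base directory and the one-directory-per-package layout are assumptions made for illustration.

```php
<?php
// Hypothetical helper: resolve a user-supplied package name to a directory
// under a fixed base directory, rejecting anything that could traverse out.
// $baseDir and the one-directory-per-package layout are assumptions.
function resolve_package_dir(string $baseDir, string $pkg): ?string
{
    // 1. Allowlist the name: letters, digits, '_' and '-', with '.' allowed
    //    only between them. Rejects '/', '\', NUL bytes, '..' and leading dots.
    if (!preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $pkg)) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() resolves symlinks and returns
    //    false when the path does not exist.
    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $pkg);
    if ($base === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }

    // 3. Containment check: the resolved path must sit directly under the
    //    base, which also catches a symlinked package directory that points
    //    somewhere else on disk.
    if (dirname($candidate) !== $base) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a temporary base directory holding one package directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pkgdemo_' . getmypid();
@mkdir($base . DIRECTORY_SEPARATOR . 'example-pkg', 0700, true);

// Constructed sample inputs: one valid name, several traversal-style names,
// and one well-formed name that does not exist.
$samples = ['example-pkg', '../etc', 'example-pkg/../..', '..', "a\0b", 'missing'];
foreach ($samples as $pkg) {
    $dir = resolve_package_dir($base, $pkg);
    printf("%-24s => %s\n", json_encode($pkg), $dir === null ? 'rejected' : 'accepted');
}
```

The allowlist alone stops the dot-dot case; the canonicalisation and containment steps are a second layer so that a later change to the pattern, or a symlink inside the base directory, does not reopen the traversal.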

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2011-5273

Affected Products

Domain Technologie Control