CVE-2012-4920

Name of the Vulnerable Software and Affected Versions Zingiri Forum plugin versions prior to 1.4.4

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the zing forum output function. This is achieved by including a .. (dot dot) in the url parameter to "index.php".

Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.