CVE-2012-5192

Name of the Vulnerable Software and Affected Versions Bitweaver versions 2.8.1 and earlier

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using '''%2F" (dot dot encoded slash) sequences in the overlay type parameter of the /gmap/view overlay.php API endpoint.

Recommendations For Bitweaver versions 2.8.1 and earlier, as a temporary workaround, consider restricting access to the view overlay.php file until a patch is available. Avoid using the overlay type parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.