CVE-2014-8799

Name of the Vulnerable Software and Affected Versions DukaPress plugin versions prior to 2.5.4

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the dp img resize function. This is achieved by providing a .. (dot dot) in the src parameter to the "lib/dp image.php" endpoint.

Recommendations For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the lib/dp image.php endpoint to minimize the risk of exploitation. Avoid using the src parameter in the affected endpoint until the issue is resolved.