CVE-2014-100029

Name of the Vulnerable Software and Affected Versions Ganesha Digital Library (GDL) version 4.2

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to read arbitrary files by utilizing a .. (dot dot) in specific parameters. The vulnerable parameters are newlang and newtheme.

Recommendations For Ganesha Digital Library (GDL) version 4.2, consider restricting access to the class/session.php file until a patch is available. As a temporary workaround, avoid using the newlang and newtheme parameters in the affected API endpoint until the issue is resolved.