CVE-2014-9261

Name of the Vulnerable Software and Affected Versions Codoforum version 2.5.1

Description The issue concerns the sanitize function, which does not properly filter directory traversal sequences. This allows remote attackers to read arbitrary files by including a .. (dot dot) in the path parameter to "index.php".

Recommendations For Codoforum version 2.5.1, consider restricting access to the sanitize function until a patch is available, or apply any available configuration changes that can mitigate directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.