Thepeak · Thepeak File Upload Manager · CVE-2006-5617
Name of the Vulnerable Software and Affected Versions:
Thepeak File Upload Manager version 1.3
Description:
A directory traversal issue exists, allowing remote attackers to read or download arbitrary files. This is achieved by providing a base64-encoded file path containing a `..` (dot dot) sequence in the `file` parameter.
Recommendations:
For Thepeak File Upload Manager version 1.3, consider restricting access to the `index.php` file until a patch is available, and do not accept `file` parameter values that are base64-encoded paths containing `..` sequences.
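One way to review web server access logs for requests matching the description above, as an added example that is not part of the original advisory or the vendor's code. It assumes a common/combined-style access log; the `/upload/` path, the client address and the sample file names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

def decode_file_param(value):
    """Base64-decode a `file` value; return None if it is not valid base64."""
    value = value.replace(" ", "+")                     # parse_qs turns '+' into ' '
    value = value.replace("-", "+").replace("_", "/")   # tolerate URL-safe alphabet
    value += "=" * (-len(value) % 4)                    # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def has_dotdot(path):
    """True if any path segment is exactly '..' (forward or back slashes)."""
    return ".." in re.split(r"[\\/]+", path)

def flag_requests(log_lines):
    """Return (line_number, decoded_path) for index.php requests that traverse."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("index.php"):
            continue
        for raw in parse_qs(url.query).get("file", []):
            decoded = decode_file_param(raw)
            if decoded is not None and has_dotdot(decoded):
                hits.append((n, decoded))
    return hits

def _line(path):
    # Constructed log line: encodes `path` the way the advisory describes.
    token = base64.b64encode(path.encode()).decode()
    return ('192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] '
            f'"GET /upload/index.php?file={token} HTTP/1.1" 200 512')

SAMPLE_LOG = [_line("report.pdf"), _line("../../outside.txt"),
              _line("docs\\..\\..\\outside.txt"), _line("notes..v2.txt")]

if __name__ == "__main__":
    for lineno, path in flag_requests(SAMPLE_LOG):
        print(f"line {lineno}: file parameter decodes to {path!r}")
```

The check matches `..` only as a whole path segment, so a name such as `notes..v2.txt` is not flagged.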