Cheverok

**Name of the Vulnerable Software and Affected Versions** Thyme versions 1.3 and earlier **Description** A directory traversal issue exists in the export.php file of Thyme, allowing remote attackers to read arbitrary files when register globals is disabled. This is achieved by including a .. (dot dot) in the `export to` parameter. **Recommendations** For Thyme versions 1.3 and earlier, consider disabling the export.php file or restricting access to it until a fix is available. As a temporary workaround, avoid using the `export to` parameter in the export.php file to minimize the risk of exploitation.