CVE-2002-0464

Name of the Vulnerable Software and Affected Versions Hosting Controller versions 1.4.1 and earlier

Description A directory traversal issue allows remote attackers to read and modify arbitrary files and directories by including a .. (dot dot) in arguments to specific API endpoints, such as "file editor.asp", "folderactions.asp", or "editoractions.asp".

Recommendations For Hosting Controller versions 1.4.1 and earlier, as a temporary workaround, consider restricting access to the affected API endpoints "file editor.asp", "folderactions.asp", and "editoractions.asp" until a patch is available. Avoid using the .. (dot dot) sequence in arguments to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.