CVE-2003-1298

Name of the Vulnerable Software and Affected Versions AnyPortal(php) version 12 MAY 00

Description The issue allows remote attackers to create, delete, save, and upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot) due to multiple directory traversal vulnerabilities in siteman.php3.

Recommendations For AnyPortal(php) version 12 MAY 00, consider restricting access to the siteman.php3 file to minimize the risk of exploitation. As a temporary workaround, avoid using filenames starting with "./.." in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.