CVE-2004-0071

Name of the Vulnerable Software and Affected Versions PHP Man Page Lookup version 1.2.0

Description A directory traversal issue exists in the buildManPage function within class.manpagelookup.php, allowing remote attackers to read arbitrary files. This is achieved by manipulating the command parameter, specifically the $cmd variable, in requests to the "index.php" endpoint.

Recommendations For PHP Man Page Lookup version 1.2.0, as a temporary workaround, consider restricting access to the buildManPage function in class.manpagelookup.php until a patch is available. Avoid using the $cmd variable in the affected endpoint until the issue is resolved.