CVE-2006-0567

Name of the Vulnerable Software and Affected Versions Files Xaraya module versions prior to 0.5.1

Description The issue allows remote attackers to access files outside of the web root via ".." (dot dot) sequences when the Archive Directory field on the Modify Config page is blank. This is due to a directory traversal vulnerability.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider setting a valid Archive Directory path on the Modify Config page to prevent exploitation.