CVE-2006-1235

Name of the Vulnerable Software and Affected Versions HitHost version 1.0.0

Description A directory traversal issue exists in the admin/deleteuser.php file, potentially allowing remote attackers to delete directories, possibly limited to empty ones, by manipulating the $deleteuser variable. Initial disclosure indicated difficulty in proving the issue, which might be attributed to specific behaviors of the rmdir function.

Recommendations For HitHost version 1.0.0, as a temporary workaround, consider restricting access to the admin/deleteuser.php file and the $deleteuser variable to minimize the risk of exploitation. Avoid using the $deleteuser variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.