PT-2006-4363 · Virtuastore · Virtuastore

Published: 2006-07-10 · Updated: 2008-09-05 · CVE-2006-3488

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VirtuaStore version 2.0

Description

The issue concerns an absolute path traversal vulnerability. It allows remote attackers to possibly read arbitrary directories or files via an absolute path with a Windows drive letter in the Pasta parameter. This is achievable when specific conditions are met, such as link=util, acao=ftp, and acaba=sim.

Recommendations

For VirtuaStore version 2.0, consider restricting access to the Pasta parameter in the administrador.asp file to minimize the risk of exploitation. Additionally, avoid using absolute paths with Windows drive letters in the Pasta parameter when link=util, acao=ftp, and acaba=sim until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
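
As an added example (not part of the original advisory and not VirtuaStore code), the following Python script flags web-server log entries in which a request to administrador.asp carries link=util, acao=ftp, acaba=sim and a Pasta value starting with a Windows drive letter. The common-log-style line format, the `/loja/` path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request target inside a common-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Absolute Windows path: drive letter, colon, then a slash, backslash or end of value
DRIVE_RE = re.compile(r'^[A-Za-z]:(?:[\\/]|$)')
# Conditions the advisory lists alongside the Pasta parameter
REQUIRED = {"link": "util", "acao": "ftp", "acaba": "sim"}


def pasta_drive_path(target):
    """Return the Pasta value if the request matches the advisory's pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/administrador.asp"):
        return None
    # Classic ASP reads query-string names case-insensitively; parse_qsl URL-decodes once.
    params = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    if any(params.get(k, "").lower() != v for k, v in REQUIRED.items()):
        return None
    pasta = params.get("pasta", "").strip()
    return pasta if DRIVE_RE.match(pasta) else None


def scan(lines):
    """Yield (line_number, pasta_value) for every matching log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            hit = pasta_drive_path(m.group(1))
            if hit is not None:
                yield n, hit


# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2006:10:00:01 +0000] "GET /loja/administrador.asp?link=util&acao=ftp&acaba=sim&Pasta=imagens HTTP/1.1" 200 512',
    '192.0.2.44 - - [10/Jul/2006:10:00:07 +0000] "GET /loja/administrador.asp?link=util&acao=ftp&acaba=sim&Pasta=C%3A%5C HTTP/1.1" 200 4096',
    '192.0.2.44 - - [10/Jul/2006:10:00:09 +0000] "GET /loja/administrador.asp?LINK=util&ACAO=ftp&acaba=sim&pasta=d:/ HTTP/1.1" 200 2048',
    '192.0.2.10 - - [10/Jul/2006:10:00:12 +0000] "GET /loja/default.asp?Pasta=C%3A%5C HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: Pasta={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.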

Related Identifiers

CVE-2006-3488

Affected Products

Virtuastore