CVE-2006-4550

Name of the Vulnerable Software and Affected Versions CHXO Feedsplitter version 2006-01-21

Description The issue allows remote attackers to read arbitrary XML files by using .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check.

Recommendations For CHXO Feedsplitter version 2006-01-21, consider restricting access to the format parameter to prevent exploitation until a patch is available. As a temporary workaround, avoid using the format parameter with a leading "." to minimize the risk of reading arbitrary XML files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.