CVE-2006-4963

Name of the Vulnerable Software and Affected Versions Exponent CMS version 0.96.3

Description A directory traversal issue exists, allowing remote attackers to read and execute arbitrary local files. This is achieved by using a .. (dot dot) sequence in the view parameter within the show view action of the calendarmodule module. Attackers can potentially execute PHP code through session files.

Recommendations For Exponent CMS version 0.96.3, consider restricting access to the calendarmodule module until a patch is available. As a temporary workaround, avoid using the view parameter in the show view action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.