PT-2007-3497 · Phpfaber · Phpfaber Topsites
Published: 2007-04-19 · Updated: 2018-10-16 · CVE-2007-2155
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
phpFaber TopSites version 3
Description
A directory traversal vulnerability allows remote attackers to read arbitrary files by supplying a .. (dot dot) sequence in the modify parameter of a template action sent to admin/index.php.
Recommendations
For phpFaber TopSites version 3, consider restricting access to the admin/index.php endpoint until a patch is available, and avoid using the modify parameter in template actions to prevent exploitation.
Exploit
Fix
Related Identifiers
Affected Products
Phpfaber Topsites
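Detection example
While access to admin/index.php is being restricted as recommended above, web server logs can be reviewed for the request pattern in the description. The following is an added example, not code from the advisory or from phpFaber; it assumes combined-format access logs and that the modify parameter appears in the query string, and all sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(log_line):
    """True for a request to admin/index.php whose modify parameter
    contains a '..' path segment once decoded."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith("/admin/index.php"):
        return False
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Split on both separators; "my..file" is not a traversal segment.
        if name == "modify" and ".." in re.split(r"[\\/]", fully_decode(value)):
            return True
    return False

def scan(lines):
    """Return the log lines that match the advisory's request pattern."""
    return [line for line in lines if is_traversal_attempt(line)]

# Constructed sample entries (documentation addresses, invented file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /topsites/admin/index.php?modify=../../example.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /topsites/admin/index.php?modify=%2e%2e%2fexample.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /topsites/admin/index.php?modify=%252e%252e%252fexample.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:05:00 +0000] "GET /topsites/admin/index.php?modify=header.tpl HTTP/1.1" 200 900',
    '198.51.100.4 - - [01/Jan/2024:10:05:01 +0000] "GET /topsites/admin/index.php?modify=my..file.tpl HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /topsites/index.php?modify=../example.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body are not recorded in standard access logs, so this check only covers values visible in the request URL.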