CVE-2007-3312

Name of the Vulnerable Software and Affected Versions Jasmine CMS version 1.0

Description A directory traversal issue exists, allowing remote authenticated administrators to include and execute arbitrary local files by manipulating the u parameter in admin/plugin manager.php. It is noted that this issue could potentially be exploitable by remote unauthenticated attackers if combined with a separate vulnerability.

Recommendations For Jasmine CMS version 1.0, consider restricting access to the admin/plugin manager.php file until a fix is available, and avoid using the u parameter in this context to minimize the risk of exploitation.