PT-2007-4676 · Sitedepth · Sitedepth Cms

Published

2007-06-26

Updated

2017-10-11

CVE-2007-3404

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SiteDepth CMS version 3.44

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the name parameter of the ShowImage.php file.

Recommendations For SiteDepth CMS version 3.44, consider restricting access to the ShowImage.php file until a patch is available. As a temporary workaround, avoid using the name parameter in the ShowImage.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3404

Affected Products

Sitedepth Cms

PT-2007-4676 · Sitedepth · Sitedepth Cms

CVE-2007-3404

Related Identifiers

Affected Products

References · 6