CVE-2007-3523

Name of the Vulnerable Software and Affected Versions XCMS version 1.1

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by including a .. (dot dot) in the Ent or Lang parameter.

Recommendations For XCMS version 1.1, consider restricting access to the Module/Galerie.php file until a patch is available. As a temporary workaround, avoid using the Ent and Lang parameters in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.