CVE-2007-3707

Name of the Vulnerable Software and Affected Versions CodeIgniter version 1.5.3 before 20070628

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file when enable query strings is set to true. This is achieved by using a .. (dot dot) in the c parameter of the affected API endpoint.

Recommendations For CodeIgniter version 1.5.3 before 20070628, consider disabling the enable query strings option as a temporary workaround until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the c parameter in the affected endpoint until the issue is resolved.