PT-2007-6071 · Chupix · Chupix Cms

Gold_M · Published 2007-09-18 · Updated 2017-09-29 · CVE-2007-4957

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Chupix CMS version 0.2.3

Description

The issue allows remote attackers to read or overwrite arbitrary files, or create arbitrary directories, via directory traversal vulnerabilities in the download.php file. This is achieved by including a .. (dot dot) in the fichier or repertoire parameters for file access, or in the repertoire parameter for directory creation.

Recommendations

For Chupix CMS version 0.2.3, as a temporary workaround, consider restricting access to the download.php file until a patch is available. Additionally, restrict the use of the fichier and repertoire parameters to minimize the risk of exploitation.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2007-4957

Affected Products

Chupix Cms