PT-2007-6775 · Phpmyadmin · Phpmyconferences

Published: 2007-11-05 · Updated: 2024-08-07 · CVE-2007-5811

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

phpMyConferences versions 8.0.2 and earlier

Description

A directory traversal issue in PageTraiteDownload.php allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. This issue is disputed for version 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed.

Recommendations

For phpMyConferences versions 8.0.2 and earlier, consider restricting access to the PageTraiteDownload.php file until a fix is available. As a temporary workaround, avoid using the dir parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2007-5811

Affected Products

Phpmyconferences