CVE-2008-5867

Name of the Vulnerable Software and Affected Versions Yerba SACphp version 6.3

Description A directory traversal issue allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component.

Recommendations For Yerba SACphp version 6.3, as a temporary workaround, consider restricting access to the SID parameter and the mod field until a patch is available. Avoid using directory traversal sequences in the mod field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.