PT-2009-4023 · Jbmc · Directadmin

Erik Smit · Published 2009-05-05 · Updated 2025-12-16 · CVE-2009-1526

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: JBMC Software DirectAdmin versions prior to 1.334
Description: The issue allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory. This is related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
Recommendations: For versions prior to 1.334, update to version 1.334 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory and the CMD_DB script to minimize the risk of exploitation.

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers: CVE-2009-1526

Affected Products: Directadmin