CVE-2009-1678

Name of the Vulnerable Software and Affected Versions: Bitweaver versions 2.6 and earlier

Description: The issue allows remote attackers to create or overwrite arbitrary files due to a directory traversal vulnerability in the saveFeed function. This is achieved by including a .. (dot dot) in the version parameter to the "boards/boards rss.php" endpoint.

Recommendations: For Bitweaver versions 2.6 and earlier, as a temporary workaround, consider restricting access to the saveFeed function in rss/feedcreator.class.php until a patch is available. Avoid using the version parameter in the boards/boards rss.php endpoint with untrusted input until the issue is resolved.