CVE-2009-2007

Name of the Vulnerable Software and Affected Versions: Dokeos versions 1.8.5 and possibly earlier

Description: The issue allows remote attackers to read portions of arbitrary files and possibly read arbitrary files. This is achieved through directory traversal vulnerabilities. Specifically, the lang parameter to "main/exercice/hotspot lang conversion.php" and the doc url parameter to "main/exercice/Hpdownload.php" are vulnerable. The attackers can use a .. (dot dot) and a .. (dot dot backslash) in the lang parameter or a .. (dot dot) in the doc url parameter to exploit this.

Recommendations: For Dokeos version 1.8.5 and possibly earlier, consider restricting access to the hotspot lang conversion.php and Hpdownload.php scripts until a patch is available. As a temporary workaround, avoid using the lang and doc url parameters in the affected API endpoints.