PT-2009-5719 · Maxcms · Maxcms
Gold_M
·
Published
2009-09-25
·
Updated
2017-09-19
·
CVE-2009-3425
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MaxCMS version 3.11.20b
Description
The issue allows remote attackers to read arbitrary files via directory traversal sequences in the
thCMS root parameter. This is a result of a directory traversal vulnerability in the includes/inc.thcms admin dirtree.php file.Recommendations
For MaxCMS version 3.11.20b, as a temporary workaround, consider restricting access to the
thCMS root parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Maxcms