CVE-2009-3625

Name of the Vulnerable Software and Affected Versions Sahana version 0.6.2.2

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter of the www/index.php file. This is a directory traversal vulnerability.

Recommendations For Sahana version 0.6.2.2, consider restricting access to the mod parameter in the www/index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the mod parameter with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.