CVE-2009-3825

Name of the Vulnerable Software and Affected Versions GenCMS version 2006

Description The issue concerns directory traversal vulnerabilities that allow remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in specific parameters. For example, the p parameter to "show.php" and the Template parameter to "admin/pages/SiteNew.php" are vulnerable.

Recommendations For GenCMS version 2006, as a temporary workaround, consider restricting access to the "show.php" and "admin/pages/SiteNew.php" scripts until a patch is available. Avoid using the p parameter in "show.php" and the Template parameter in "admin/pages/SiteNew.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.