PT-2010-3350 · Siestta · Siestta
Published: 2010-05-04 · Updated: 2017-08-17 · CVE-2010-1710
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Siestta version 2.0
Description
A directory traversal issue exists in the login.php file of Siestta, allowing remote attackers to include and execute arbitrary local files. This is possible when the PHP register_globals setting is enabled. The issue can be exploited by using a .. (dot dot) in the idioma parameter of the vulnerable endpoint.

Recommendations
For Siestta version 2.0, consider disabling the PHP register_globals setting to prevent exploitation. As a temporary workaround, restrict access to the login.php file until a patch is available. Avoid using the idioma parameter in the affected endpoint until the issue is resolved.

Weakness Enumeration
Path traversal

Related Identifiers
CVE-2010-1710

Affected Products
Siestta
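The two defensive points behind the description and recommendations above (stop relying on register_globals to populate idioma, and never let that value reach the filesystem unchecked), written out as an added example that is not Siestta's own login.php. The "lang/" directory, the "<code>.php" naming scheme and the language codes are assumptions.

```php
<?php
// Added example, not Siestta's code. Assumes language files live in a
// "lang/" directory next to this script, named "<code>.php"; the codes
// listed below are placeholders, not Siestta's real language list.
declare(strict_types=1);

// Allowlist of language codes. Anything else (including "../" sequences or
// absolute paths supplied in idioma) is rejected before include() is reached.
const ALLOWED_LANGUAGES = ['es', 'en', 'ca'];
const DEFAULT_LANGUAGE  = 'es';

/**
 * Map a user-supplied idioma value to a language file path, or null.
 */
function resolve_language_file(string $idioma): ?string
{
    if (!in_array($idioma, ALLOWED_LANGUAGES, true)) {
        return null;
    }
    $langDir = realpath(__DIR__ . '/lang');
    $path    = ($langDir === false) ? false : realpath($langDir . '/' . $idioma . '.php');
    // Defence in depth: even with the allowlist, confirm the resolved path is
    // inside the language directory (realpath collapses any "..").
    if ($path === false
        || strncmp($path, $langDir . DIRECTORY_SEPARATOR, strlen($langDir) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read idioma from the request explicitly instead of trusting a global that
// register_globals may or may not have created from user input.
$requested = (isset($_GET['idioma']) && is_string($_GET['idioma']))
    ? $_GET['idioma']
    : DEFAULT_LANGUAGE;

$langFile = resolve_language_file($requested) ?? resolve_language_file(DEFAULT_LANGUAGE);
if ($langFile === null) {
    http_response_code(500);
    exit('Language file unavailable');
}
require $langFile;
```

This hardens only the language selection; disabling register_globals in php.ini, as the advisory recommends, is still needed for every other variable the application reads.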