CVE-2010-1951

Name of the Vulnerable Software and Affected Versions 60cycleCMS (affected versions not specified)

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by using directory traversal sequences in the DOCUMENT ROOT parameter to specific API endpoints: "news.php", "submitComment.php", and "sqlConnect.php".

Recommendations For 60cycleCMS, restrict access to the news.php, submitComment.php, and sqlConnect.php endpoints to minimize the risk of exploitation. Avoid using the DOCUMENT ROOT parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.