CVE-2010-2945

Name of the Vulnerable Software and Affected Versions SLiM versions prior to 1.3.2

Description The issue is related to the default configuration of SLiM, where the default path option in slim.conf starts with ./ (dot slash), potentially allowing local users to gain privileges via a Trojan horse program in the current working directory. This is related to the cfg.cpp file.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider modifying the default path option in slim.conf to remove the ./ (dot slash) at the beginning, or restrict access to the slim.conf file to prevent modifications.