CVE-2010-3692

Name of the Vulnerable Software and Affected Versions phpCAS versions prior to 1.1.3

Description The issue allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a PGTiou parameter when proxy mode is enabled. This is due to a directory traversal vulnerability in the callback function in client.php.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider disabling proxy mode until a patch is available. Restrict access to the client.php file to minimize the risk of exploitation. Avoid using the PGTiou parameter in the affected callback function until the issue is resolved.