CVE-2011-0903

Name of the Vulnerable Software and Affected Versions AR Web Content Manager (AWCM) version 2.2

Description The issue allows remote attackers to read arbitrary files and possibly have other unspecified impact. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the awcm theme or awcm lang cookie to access "index.php" or "header.php" API endpoints.

Recommendations For AR Web Content Manager (AWCM) version 2.2, as a temporary workaround, consider restricting access to the awcm theme and awcm lang cookies to minimize the risk of exploitation. Additionally, restrict access to the "index.php" and "header.php" API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.