CVE-2012-4878

Name of the Vulnerable Software and Affected Versions FlatnuX CMS version 2011 08.09.2

Description The issue allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a "contents/Files" action. This is due to an absolute path traversal vulnerability in the controlcenter.php file.

Recommendations For FlatnuX CMS version 2011 08.09.2, as a temporary workaround, consider restricting access to the dir parameter in the controlcenter.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.