PT-2013-2122 · Mutiny · Mutiny

Juan Vazquez (+1) · Published 2013-06-01 · Updated 2013-06-03 · CVE-2013-0136

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Mutiny versions prior to 5.0-1.11

Description: The issue allows remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service via multiple directory traversal vulnerabilities in the EditDocument servlet. This can be achieved through various parameters in different operations, including the uploadPath parameter in an UPLOAD operation, the paths[] parameter in DELETE, CUT, or COPY operations, or the newPath parameter in CUT or COPY operations.

Recommendations: For Mutiny versions prior to 5.0-1.11, update to version 5.0-1.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the EditDocument servlet or limiting the allowed operations to prevent potential exploitation. Additionally, restrict the use of the uploadPath, paths[], and newPath parameters in the affected operations until the update is applied.
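The advisory names the path-bearing parameters of each EditDocument operation (uploadPath, paths[], newPath) without showing how a server should validate them. The following is an added example, not Mutiny's code and not its fix: a validation layer of the kind a servlet handling UPLOAD, DELETE, CUT and COPY would call before touching the filesystem. The document root, the per-operation parameter table and the rejection behaviour are assumptions for illustration; the parameter and operation names are taken from the advisory. Each value is resolved against the real (symlink-free) document root and rejected if it would land outside it, which catches `..` segments, absolute paths, backslash separators and NUL bytes in one place.

```python
import os

# Constructed example root; the advisory does not state where Mutiny stores documents.
DOCUMENT_ROOT = "/srv/mutiny-docs"

# Path-bearing parameters per operation, as listed in the advisory.
# The flag says whether the parameter is a list (paths[]) or a single value.
OPERATION_PARAMS = {
    "UPLOAD": {"uploadPath": False},
    "DELETE": {"paths[]": True},
    "CUT":    {"paths[]": True, "newPath": False},
    "COPY":   {"paths[]": True, "newPath": False},
}


def safe_relative_path(user_path: str, root: str = DOCUMENT_ROOT) -> str:
    """Return user_path normalised and relative to root, or raise ValueError
    if it would escape root. Both sides are compared in resolved form, so a
    symlink under root cannot be used to point outside it either."""
    if not isinstance(user_path, str) or "\x00" in user_path:
        raise ValueError("invalid path value")
    # Treat backslashes as separators too; traversal attempts often use them.
    normalised = user_path.replace("\\", "/")
    if normalised.startswith("/"):
        raise ValueError(f"absolute path rejected: {user_path!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, normalised))
    # Prefix check with a trailing separator: "/srv/mutiny-docs2" must not pass.
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        raise ValueError(f"path escapes document root: {user_path!r}")
    return os.path.relpath(candidate, root_real)


def is_safe(user_path: str, root: str = DOCUMENT_ROOT) -> bool:
    """Boolean form of safe_relative_path, convenient for logging and tests."""
    try:
        safe_relative_path(user_path, root)
        return True
    except ValueError:
        return False


def validate_operation(operation: str, params: dict) -> dict:
    """Validate every path-bearing parameter of one operation before any
    filesystem access. Returns {parameter: validated relative path(s)} and
    raises ValueError on an unknown operation, a missing parameter, or the
    first value that escapes the root (nothing is partially applied)."""
    spec = OPERATION_PARAMS.get(operation)
    if spec is None:
        raise ValueError(f"operation not allowed: {operation!r}")
    checked = {}
    for name, is_list in spec.items():
        value = params.get(name)
        if value is None:
            raise ValueError(f"missing parameter {name!r}")
        if is_list:
            if not isinstance(value, list) or not value:
                raise ValueError(f"{name!r} must be a non-empty list")
            checked[name] = [safe_relative_path(p) for p in value]
        else:
            checked[name] = safe_relative_path(value)
    return checked


if __name__ == "__main__":
    # Constructed requests: one well-formed COPY, one DELETE that tries to escape.
    print(validate_operation("COPY", {"paths[]": ["reports/q1.txt"], "newPath": "archive"}))
    try:
        validate_operation("DELETE", {"paths[]": ["reports/../../etc/passwd"]})
    except ValueError as exc:
        print("rejected:", exc)
```

The check runs on decoded parameter values, so it must sit after the servlet container's URL decoding; it does not try to spot encoded dots itself. Resolving against `realpath` rather than comparing strings is what makes the containment decision hold even when the document tree contains symlinks.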

Links: Exploit · Fix
Tag: Path traversal


Weakness Enumeration: none listed

Related Identifiers: CVE-2013-0136

Affected Products: Mutiny