CVE-2013-7190

Name of the Vulnerable Software and Affected Versions iScripts AutoHoster version 2.4

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to read arbitrary files via specific parameters in various PHP files. The affected parameters include tmpid in "websitebuilder/showtemplateimage.php", fname in "admin/downloadfile.php", and id in "support/admin/csvdownload.php". Additionally, there is an unspecified impact via unspecified vectors in "support/parser/main smtp.php".

Recommendations For iScripts AutoHoster version 2.4, consider restricting access to the vulnerable parameters tmpid, fname, and id in their respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. Also, restrict access to "support/parser/main smtp.php" to minimize the risk of exploitation.