CVE-2012-3521

Name of the Vulnerable Software and Affected Versions GeSHi versions prior to 1.0.8.11

Description The issue concerns multiple directory traversal vulnerabilities in the cssgen contrib module. These vulnerabilities allow remote attackers to read arbitrary files by utilizing a .. (dot dot) in the geshi-path or geshi-lang-path parameter.

Recommendations For versions prior to 1.0.8.11, update to version 1.0.8.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the cssgen contrib module until the update is applied. Avoid using the geshi-path and geshi-lang-path parameters in a way that could facilitate directory traversal attacks.