CVE-2013-4728

Name of the Vulnerable Software and Affected Versions DDSN Interactive cm3 Acora CMS versions 5.5.0/1b-p1 through 6.0.6/1a

Description The issue allows remote attackers to obtain sensitive information via a .. (dot dot) in the l parameter. This reveals the installation path in an error message.

Recommendations For versions 5.5.0/1b-p1 through 6.0.6/1a, consider restricting access to the l parameter to minimize the risk of exploitation. Avoid using the l parameter with a .. (dot dot) value in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.