CVE-2016-15023

Name of the Vulnerable Software and Affected Versions SiteFusion Application Server versions up to 6.6.6

Description A problematic issue was found in the file getextension.php of the Extension Handler component, leading to path traversal. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The manipulation affects an unknown part of the file, and upgrading to a newer version can address this issue.

Recommendations For SiteFusion Application Server versions up to 6.6.6, upgrade to version 6.6.7 to address the issue. As a temporary workaround, consider restricting access to the affected Extension Handler component until the upgrade is applied.