Release Date | Jan 26, 2010 |
Severity | high |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attack attempt against a directory-traversal vulnerability in the Pheap CMS web application. A vulnerability has been reported in the Pheap CMS web application that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value. An attacker may read and modify arbitrary files by sending a crafted HTTP request. |
Affected Products | Pheap Pheap 2.0, Pheap Pheap 1.3, Pheap Pheap 1.1, Pheap Pheap 1.0 |
Recommended Actions | Currently we are not aware of any officially supplied patch for this issue. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2007-1140 |
References | http://www.securityfocus.com/archive/1/460920, http://www.securityfocus.com/bid/22670 (BugTraq) |