| Name | Pheap.Edit.PHP.Filename.Parameter.Directory.Traversal |
| Release Date | Jan 26, 2010 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a directory-traversal vulnerability in the Pheap CMS web application. A vulnerability has been reported in the Pheap CMS web application that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value. An attacker may read and modify arbitrary files by sending a crafted HTTP request. |
| Affected Products | Pheap Pheap 2.0, Pheap Pheap 1.3, Pheap Pheap 1.1, Pheap Pheap 1.0 |
| Recommended Actions | Currently we are not aware of any officially supplied patch for this issue. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1140 |
| Reference/s | http://www.securityfocus.com/bid/22670 (BugTraq), http://www.securityfocus.com/archive/1/460920 |