Intrusion Prevention



This indicates an attack attempt against a directory-traversal vulnerability in the Pheap CMS web application.
A vulnerability has been reported in the Pheap CMS web application that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value. An attacker may read and modify arbitrary files by sending a crafted HTTP request.

Affected Products

Pheap Pheap 2.0
Pheap Pheap 1.3
Pheap Pheap 1.1
Pheap Pheap 1.0


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any officially supplied patch for this issue.

CVE References