Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
References
Configurations
History
No history.
Information
Published : 2009-03-25 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6522
Mitre link : CVE-2008-6522
CVE.ORG link : CVE-2008-6522
JSON object : View
Products Affected
devraj_mukherjee
- openterracotta
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')