Description

Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.

Remediation

References

CVE-2008-3708

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-0754)

WordPress Plugin FancyFlickr Cross-Site Scripting (1.0)

MySQL CVE-2015-0506 Vulnerability (CVE-2015-0506)

WordPress Clickjacking Vulnerability (0.7 - 3.1.2)

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

Severity

Medium

Classification

CVE-2008-3708 CWE-22

Tags

Missing Update Known Vulnerabilities