Intrusion Prevention

PHP.download2.php.FN1.Parameter.Directory.Traversal

Description

This indicates a file disclosure vulnerability in cattaDoc, an open source document management solution. The issue is due to an input validation error in the "download2.php" script, which fails to validate the "fn1" parameter. As a result, remote attackers may be able to read arbitrary files.

Affected Products

cattaDoc version 3.0 and prior.
cattaDoc version 2.21 and prior.

Impact

Information disclosure.

Recommended Actions

We are not currently aware of any officially supplied fix for this issue.
C-Arbre Web site: http://cattadoc.com/
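
With no vendor fix available, reviewing web server logs for requests to "download2.php" whose "fn1" value leaves the intended directory is a practical compensating check. The following is an added example, not the logic of this signature and not cattaDoc code; it assumes combined-format access logs, and the `/cattadoc/` path, sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cattadoc/download2.php?fn1=report.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:02:11 +0000] "GET /cattadoc/download2.php?fn1=..%2F..%2Fconfig.inc.php HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:02:15 +0000] "GET /cattadoc/download2.php?fn1=%252e%252e%252fsettings.ini HTTP/1.1" 200 300',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /cattadoc/index.php?fn1=../x HTTP/1.1" 200 10',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fn1(value):
    """True if an fn1 value is absolute, has a NUL byte, or climbs to a parent directory."""
    path = decode_fully(value).replace("\\", "/")
    if "\x00" in path or path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    return ".." in path.split("/")

def scan(lines):
    """Return (line_number, fn1_value) for download2.php requests worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/download2.php"):
            continue
        # parse_qs already percent-decodes once; suspicious_fn1 handles deeper encoding.
        for value in parse_qs(url.query, keep_blank_values=True).get("fn1", []):
            if suspicious_fn1(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 response status means the requested file may have been served, so the named file should be treated as disclosed until shown otherwise.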

CVE References

CVE-2007-1930