Intrusion Prevention

PHP.FILE.Parameter.Remote.File.Disclosure

Description

This indicates a possible exploit of a remote file disclosure vulnerability in JulmaCMS.
An attacker could send a specially-crafted URL request to the file.php script, containing "dot dot" sequences (/../) in the file parameter, to view arbitrary files on the system.

Affected Products

JulmaCMS 1.4

Impact

Directory traversal.

Recommended Actions

Upgrade to the latest version, available from the Web site:
http://julmajanne.com/.

CVE References

CVE-2007-2324