It is reported that JAF CMS is susceptible to a directory traversal vulnerability allowing information disclosure and server-side script execution. This issue is due to a failure of the application to properly sanitize user-supplied URI input. To execute arbitrary PHP script code, the attacker requires the ability to create or modify files on the computer hosting the affected application. This vulnerability may be exploited by remote attackers to execute server-side PHP script code in the context of the affected application, or to gain access to the contents of arbitrary, potentially sensitive files with the privileges of the Web server. Versions 3.0 RC and prior are reported vulnerable to this issue.
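For this class of bug, the fix is to confine any user-supplied name to a single directory before it reaches a file read or include. The following is an added example, not JAF CMS code and not part of the original advisory; the function name `resolve_page`, the `pages` directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example; hypothetical names throughout, not JAF CMS source code.
// Generic form of the bug class, for contrast:
//   include $baseDir . '/' . $_GET['show'] . '.php';
// where the request value may carry "../" sequences that leave $baseDir.

/** Resolve a user-supplied page name to a file inside $baseDir, or return null. */
function resolve_page(string $baseDir, string $name): ?string
{
    // 1. Allow-list the name: slashes, dots, NUL bytes and percent signs are all rejected.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Canonicalise both paths so symlinks and relative parts are resolved.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment check; the trailing separator stops "/pages_old" matching "/pages".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Self-check against a constructed directory tree in the system temp directory.
$root = sys_get_temp_dir() . '/trav_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/home.php', '<?php echo "home";');
file_put_contents($root . '/secret.php', '<?php echo "secret";');

// Constructed inputs: one valid name, traversal variants, a NUL byte, a missing page.
$cases = ['home', '../secret', '..%2fsecret', "home\0", 'missing'];
foreach ($cases as $input) {
    $resolved = resolve_page($root . '/pages', $input);
    printf("%-16s => %s\n", json_encode($input), $resolved === null ? 'rejected' : 'allowed');
}

// Remove the constructed files again.
array_map('unlink', [$root . '/pages/home.php', $root . '/secret.php']);
rmdir($root . '/pages');
rmdir($root);
```

The containment check addresses the traversal itself; because the advisory notes that script execution depends on the attacker being able to create or modify files on the host, keeping the web server's account from writing to any directory it includes from removes that second precondition.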