ReCMS Directory Traversal

I found this vuln the last month so I tried to contact the admin but I get zero replies.

============ { Advisory 1/7/2010 } =============

Directory Traversal in ReCMS

Vendor’s Description of Software:

Application Info:
# Name: ReCMS

Vulnerability Info:
# Type: Directory Traversal
# Risk: High

# N/A

Time Table:
# 17/05/2010 – Vendor notified.

All the input passed via “users_lang” is not properly sanitised before being used.

# Input from “users_lang” parameter should be filtered.


# Discoverd By: Locu
# Website:
# Contacts: xlocux[-at-]

=============== { EOF } ================


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s