ReCMS suffers from a directory traversal vulnerability.
421f4ceccf1e2da10d032b176b9d566136ad0df90be99979f6ced8887d9ad16c
============ { Advisory 1/7/2010 } =============
Directory Traversal in ReCMS
Vendor's Description of Software:
# http://www.realestatecms.eu/
Application Info:
# Name: ReCMS
Vulnerability Info:
# Type: Directory Traversal
# Risk: High
Fix:
# N/A
Time Table:
# 17/05/2010 - Vendor notified.
All the input passed via "users_lang" is not properly sanitised before being used.
Solution:
# Input from "users_lang" parameter should be filtered.
Vulnerability:
#http://[site]/state.php?data=country&val=italia&users_lang=[DT]
Credit:
# Discoverd By: Locu
# Website: http://xlocux.wordpress.com
# Contacts: xlocux[-at-]gmail.com
=============== { EOF } ================