Xaraya Directory Traversal Vulnerability

Xaraya Directory Traversal Vulnerability

Xaraya is prone to a directory traversal vulnerability.

Reports indicate that an attacker can supply directory traversal sequences through the 'module' parameter of the 'index.php' script to place files in arbitrary locations on a Web server.

If an attacker places malicious script files on a Web server and is able to execute them, this issue could facilitate a remote compromise. Other attacks including data corruption and denial of service are also possible.

Xaraya 1.0.0 RC4 and prior versions are affected.