CVE-2006-3934

2006-07-31T22:04:00
ID CVE-2006-3934
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:32:00

Description

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. This vulnerability is addressed in the following product release: Alkacon, OpenCms, 6.2.2