CVE-2006-3934 Information

Description

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

Reference

http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt http://secunia.com/advisories/21193 http://securityreason.com/securityalert/1302 http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip http://www.opencms.org/opencms/en/shownews.html?id=1002 http://www.securityfocus.com/archive/1/441182/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28000