CVE-2007-5491 Information

Description

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ..\ sequences in the lang parameter.

Reference

http://secunia.com/advisories/27503 http://secunia.com/advisories/28008 http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup http://www.debian.org/security/2007/dsa-1423 http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml http://www.securityfocus.com/bid/26126 http://www.vupen.com/english/advisories/2007/3768 https://bugs.gentoo.org/show_bug.cgi?id=195810