Directory Traversal Vulnerability in phpCAS by Jasig
CVE-2010-3692

Currently unrated

Key Information:

Vendor: Apereo

CVE Published: 7 October 2010

What is CVE-2010-3692?

A directory traversal vulnerability exists in the callback function in client.php of phpCAS before version 1.1.3 when proxy mode is active. A remote attacker can supply directory traversal sequences in a Proxy Granting Ticket IOU (PGT IOU) parameter, potentially creating or overwriting arbitrary files on the server. The flaw shows why request parameters need strict validation before they are used.
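The description implies that the PGT IOU value reaches a file path. The following added example (not phpCAS code and not the project's actual fix) shows one way to validate such a value and confine the resulting file to a storage directory; the function names, the `.pgt` suffix and the ticket pattern are assumptions made for illustration.

```php
<?php
// Added example, not phpCAS code. Names and the ticket pattern are assumptions.

function is_valid_pgt_iou(string $iou): bool
{
    // \A and \z anchor the whole string. "/", "\" and NUL are outside the
    // character class, and the fixed prefix means the value is never "." or "..".
    return preg_match('/\APGTIOU-[A-Za-z0-9.\-]{1,200}\z/', $iou) === 1;
}

function pgt_storage_path(string $storageDir, string $iou): string
{
    if (!is_valid_pgt_iou($iou)) {
        throw new InvalidArgumentException('malformed PGT IOU');
    }
    $base = realpath($storageDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('storage directory missing');
    }
    // Second check, independent of the regex: the file must sit directly in $base.
    $path = $base . DIRECTORY_SEPARATOR . $iou . '.pgt';
    if (basename($path) !== $iou . '.pgt' || dirname($path) !== $base) {
        throw new RuntimeException('path escaped storage directory');
    }
    return $path;
}

function store_pgt(string $storageDir, string $iou, string $pgt): void
{
    $path = pgt_storage_path($storageDir, $iou);
    // Mode "x" creates the file and fails if it already exists, so a repeated
    // IOU cannot overwrite an earlier entry.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        throw new RuntimeException('could not create PGT file');
    }
    fwrite($fh, $pgt);
    fclose($fh);
}

// Constructed sample values: one well-formed IOU and two malformed ones.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pgt-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach (['PGTIOU-1-abcDEF123-cas.example.org', 'PGTIOU-1/../../outside', "PGTIOU-1\0.php"] as $iou) {
    try {
        store_pgt($dir, $iou, 'PGT-constructed-value');
        echo 'stored:   ', json_encode($iou), PHP_EOL;
    } catch (Exception $e) {
        echo 'rejected: ', json_encode($iou), ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Only the first sample is written to disk; the other two are rejected by the pattern check before any path is built.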
