Bitweaver Directory Traversal And Code Injection Vulnerabilities

This host is running Bitweaver, which is prone to directory traversal and code injection vulnerabilities.
Successful exploitation allows an attacker to inject PHP code, traverse directories, gain sensitive information, and execute arbitrary code in the context of the web application.
Impact Level: Application
Upgrade to Bitweaver version 2.6.1 or later
Multiple flaws are due to improper handling of user-supplied input in the saveFeed function in the rss/feedcreator.class.php file, which enables the following attacks:
- PHP code injection by placing PHP sequences into the account 'display name' setting (for authenticated users) or into the HTTP Host header (for remote users) when sending a request to boards/boards_rss.php.
- Directory traversal that allows a remote user to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.
Bitweaver version 2.6.0 and prior
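
As a detection aid for the two request patterns described above, the following added example (not part of the original advisory or of Bitweaver) checks HTTP requests for a dot-dot sequence in the version parameter of boards/boards_rss.php and for PHP open tags in the Host header. It assumes the web server logs the Host header alongside the request target; the function names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "boards/boards_rss.php"   # endpoint named in the advisory
PHP_OPEN = re.compile(r"<\?")      # matches "<?php", "<?=" and short tags


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(request_target, host_header):
    """Return the findings for one request (empty list if nothing matched)."""
    findings = []
    parts = urlsplit(request_target)
    if not fully_decode(parts.path).endswith(TARGET):
        return findings
    # parse_qs decodes once; fully_decode handles additional encoding layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("version", []):
        if ".." in fully_decode(raw):
            findings.append("traversal-in-version")
            break
    if PHP_OPEN.search(fully_decode(host_header)):
        findings.append("php-in-host-header")
    return findings


# Constructed sample records: (request target, Host header value).
SAMPLES = [
    ("/boards/boards_rss.php?version=rss20", "forum.example.test"),
    ("/boards/boards_rss.php?version=..%2F..%2Fplaceholder", "forum.example.test"),
    ("/boards/boards_rss.php?version=%252e%252e%252fplaceholder", "forum.example.test"),
    ("/boards/boards_rss.php", "<?php /* constructed */ ?>"),
    ("/wiki/index.php?version=../x", "forum.example.test"),
]


def scan(records):
    """Return (request target, findings) for every record that matched."""
    return [(t, f) for t, h in records if (f := check_request(t, h))]


if __name__ == "__main__":
    for target, findings in scan(SAMPLES):
        print(findings, target)
```

The display-name injection path is stored in the application rather than sent in the request, so it is not visible to this check.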