• Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path delimiting characters prior to being used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks.

• The vendor has released Security Definition update v2.0.4 that addresses these vulnerabilities.

• • Barracuda Networks Products Multiple Directory Traversal Vulnerabilities

• 

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Directory Traversal

• WordPress Plugin Photocart Link Local File Inclusion (1.6)
• WordPress Plugin WP Cost Estimation & Payment Forms Builder Directory Traversal (9.659)
• WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)
• WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
• WordPress Plugin Theme My Login Local File Inclusion (6.3.9)