Description

Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path delimiting characters prior to being used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks.

Remediation

The vendor has released Security Definition update v2.0.4 that addresses these vulnerabilities.

References

Barracuda Networks Products Multiple Directory Traversal Vulnerabilities

Related Vulnerabilities

WordPress Plugin Gallery-Flagallery Photo Portfolio Multiple Vulnerabilities (2.00)

Serendipity Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-6242)

Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43919)

Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-1891)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.3)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal