Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
ZeusCMS is prone to an SQL-injection vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data. A successful attack could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. ZeusCMS 0.3 is vulnerable; other versions may also be affected.
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.
Attackers can use a browser to exploit these issues.
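As a mitigation sketch for the directory-listing issue in the dir parameter described above, the following added example (not ZeusCMS code, and not taken from the advisory) resolves a user-supplied directory value and refuses anything that lands outside a fixed listing root. The function names, the `UnsafePath` exception and the temporary directory tree are all assumptions constructed for illustration.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """The requested directory is outside the allowed root."""

def resolve_listing_dir(base_dir, requested):
    """Map a user-supplied `dir` value to a real directory under base_dir."""
    if "\x00" in requested:
        raise UnsafePath("NUL byte in path")
    # The advisory's case: a full pathname. os.path.join(base, "/etc") returns
    # "/etc" and silently drops the base, so reject absolute input up front.
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise UnsafePath("absolute path not allowed")
    base_real = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment test.
    target = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, target]) != base_real:
        raise UnsafePath("path escapes base directory")
    if not os.path.isdir(target):
        raise UnsafePath("not a directory")
    return target

def safe_listdir(base_dir, requested):
    """List a directory only after the containment check has passed."""
    return sorted(os.listdir(resolve_listing_dir(base_dir, requested)))

def demo():
    """Exercise the check on a constructed temporary tree; returns outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "files")          # constructed listing root
        outside = os.path.join(tmp, "private")     # constructed off-limits dir
        os.makedirs(os.path.join(base, "images"))
        os.makedirs(outside)
        open(os.path.join(base, "images", "logo.png"), "w").close()
        os.symlink(outside, os.path.join(base, "link"))
        cases = {"images": "images", "<absolute>": outside,
                 "../private": "../private", "link": "link"}
        for label, value in cases.items():
            try:
                results[label] = safe_listdir(base, value)
            except UnsafePath as exc:
                results[label] = str(exc)
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label!r}: {outcome}")
```

Filtering only `../` sequences would miss the full-pathname case, which is why the check rejects absolute input first and then compares resolved paths.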