Plusphp · Plusphp Short Url Multi-User Script · CVE-2008-2480
Name of the Vulnerable Software and Affected Versions:
plusPHP Short URL Multi-User Script version 1.6
Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` pages dir` parameter. This can be achieved by manipulating the ` pages dir` parameter in the `plus.php` file.
Recommendations:
For plusPHP Short URL Multi-User Script version 1.6, consider restricting access to the ` pages dir` parameter to prevent remote file inclusion attacks until a patch is available. Avoid using the ` pages dir` parameter in the affected `plus.php` file until the issue is resolved.