Liquid Silver · Liquid-Silver Cms · CVE-2008-0459
**Name of the Vulnerable Software and Affected Versions**
Liquid-Silver CMS version 0.35
**Description**
The issue allows remote attackers to include and execute arbitrary local files due to a directory traversal vulnerability in the update/index.php file when magic quotes gpc is disabled. This can be achieved by using a .. (dot dot) in the `update` parameter.
**Recommendations**
For Liquid-Silver CMS version 0.35, consider disabling the update/index.php file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.