CVE-2001-1299

Name of the Vulnerable Software and Affected Versions: Zorbat Zorbstats version prior to 0.9

Description: The issue allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. This can be achieved by sending a request to a vulnerable API endpoint, although the specific endpoint is not specified.

Recommendations: For versions prior to 0.9, update to version 0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the includedir variable to minimize the risk of exploitation.