CVE-2007-3535

Name of the Vulnerable Software and Affected Versions GL-SH Deaf Forum versions 6.4.4 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files. This can be achieved by exploiting directory traversal vulnerabilities through the FORUM LANGUAGE parameter to functions.php or the style parameter to bottom.php, using a .. (dot dot) sequence.

Recommendations For GL-SH Deaf Forum versions 6.4.4 and earlier, consider restricting access to the functions.php and bottom.php files until a fix is available. As a temporary workaround, avoid using the FORUM LANGUAGE and style parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.