CVE-2007-6475

Name of the Vulnerable Software and Affected Versions GF-3XPLORER version 2.4

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the lang sel parameter to specific API endpoints, such as "updater.php" and "thumber.php".

Recommendations For GF-3XPLORER version 2.4, as a temporary workaround, consider restricting access to the "updater.php" and "thumber.php" endpoints until a patch is available. Avoid using the lang sel parameter in these endpoints to minimize the risk of exploitation.