CVE-2008-0425

Name of the Vulnerable Software and Affected Versions Frimousse version 0.0.2

Description The issue allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. This is due to an absolute path traversal vulnerability in the explorerdir.php file.

Recommendations For Frimousse version 0.0.2, consider restricting access to the explorerdir.php file or the name parameter to prevent exploitation until a fix is available. As a temporary workaround, avoid using the name parameter with full pathnames in the explorerdir.php file.