CVE-2008-0427

Name of the Vulnerable Software and Affected Versions bloofoxCMS version 0.3

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the file.php file. This is achieved by using a .. (dot dot) in the file parameter.

Recommendations For bloofoxCMS version 0.3, consider restricting access to the file.php file until a patch is available, and avoid using the file parameter with untrusted input to minimize the risk of exploitation.