CVE-2008-0545

Name of the Vulnerable Software and Affected Versions Bubbling Library version 1.32

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by including a .. (dot dot) in specific parameters. The affected parameters are the uri parameter in files such as yui-menu.tpl.php, simple.tpl.php, and advanced.tpl.php, and the page parameter in files like yui-menu.php, simple.php, and advanced.php, all located in the dispatcher/framework/ directory.

Recommendations For Bubbling Library version 1.32, consider restricting access to the dispatcher/framework/ directory to minimize the risk of exploitation. As a temporary workaround, avoid using the uri and page parameters in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.