CVE-2008-0648

Name of the Vulnerable Software and Affected Versions OpenSiteAdmin versions 0.9.1.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to various PHP files, including indexFooter.php, DatabaseManager.php, FieldManager.php, Filter.php, Form.php, FormManager.php, LoginManager.php, and Filters/SingleFilter.php in the scripts/classes/ directory.

Recommendations For OpenSiteAdmin versions 0.9.1.1 and earlier, consider disabling the path parameter in the affected PHP files until a patch is available. Restrict access to the scripts/classes/ directory to minimize the risk of exploitation. Avoid using the path parameter in the affected API endpoints until the issue is resolved.