CVE-2008-1042

Name of the Vulnerable Software and Affected Versions Linux Web Shop (LWS) php Download Manager versions 1.0 through 1.1

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. This is due to a directory traversal vulnerability in the include/body.inc.php file.

Recommendations For Linux Web Shop (LWS) php Download Manager versions 1.0 through 1.1, consider restricting access to the content parameter in the include/body.inc.php file to prevent directory traversal attacks. As a temporary workaround, consider disabling the execution of arbitrary local files via the content parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.