CVE-2008-1043

Name of the Vulnerable Software and Affected Versions Linux Web Shop (LWS) php User Base version 1.3 BETA

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. This is a result of a PHP remote file inclusion vulnerability in the templates/default/header.inc.php file.

Recommendations For Linux Web Shop (LWS) php User Base version 1.3 BETA, consider restricting access to the menu parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the menu parameter in the templates/default/header.inc.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.