CVE-2008-1125

Name of the Vulnerable Software and Affected Versions Podcast Generator versions 1.0 BETA 2 and earlier

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the theme path parameter to "core/themes.php" and the filename parameter to "download.php".

Recommendations For Podcast Generator versions 1.0 BETA 2 and earlier, consider restricting access to the "core/themes.php" and "download.php" files until a patch is available. As a temporary workaround, avoid using the theme path and filename parameters in the affected API endpoints.