CVE-2008-1416

Name of the Vulnerable Software and Affected Versions PHPauction GPL version 2.51

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the include path parameter to specific PHP files, including (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in the includes/ directory.

Recommendations For PHPauction GPL version 2.51, consider restricting access to the vulnerable PHP files, specifically converter.inc.php, messages.inc.php, and settings.inc.php, until a patch is available. As a temporary workaround, avoid using the include path parameter in these files to minimize the risk of exploitation.