CVE-2008-2081

Name of the Vulnerable Software and Affected Versions Siteman version 2.0.x2

Description A directory traversal issue exists, allowing remote authenticated administrators to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the module parameter of the index.php file.

Recommendations For Siteman version 2.0.x2, consider restricting access to the module parameter in the index.php file to prevent exploitation until a patch is available. As a temporary workaround, limit the ability of remote authenticated administrators to include and execute local files.