CVE-2008-2215

Name of the Vulnerable Software and Affected Versions: Project-Based Calendaring System (PBCS) version 0.7.1-1

Description: The issue concerns directory traversal vulnerabilities that allow remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the filename parameter to specific API endpoints, such as "src/yopy sync.php" and "system-logger/print logs.php".

Recommendations: For version 0.7.1-1, consider restricting access to the vulnerable API endpoints "src/yopy sync.php" and "system-logger/print logs.php" to minimize the risk of exploitation. Avoid using the filename parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.