PT-2008-3843 · Wr · Wr-Meeting

Cr@Zy_King · Published 2008-05-20 · Updated 2017-09-29 · CVE-2008-2355

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: WR-Meeting version 1.0
Description: A directory traversal vulnerability in index.php allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event, when magic_quotes_gpc is disabled.
Recommendations: For WR-Meeting version 1.0, consider disabling the coment event or restricting access to the msnum parameter until a patch is available. Additionally, enabling magic_quotes_gpc may help mitigate the risk of exploitation.
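
Detection sketch for the condition described above, added here as an example and not taken from WR-Meeting or this advisory: it scans web access logs for index.php requests whose msnum value contains traversal characters after repeated percent-decoding. The log lines, the "event" query key, and the assumption that legitimate msnum values are decimal numbers are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines, not real traffic; the "event" key is an assumption.
SAMPLE_LOG = """\
198.51.100.7 - - [20/May/2008:10:01:02 +0000] "GET /index.php?event=coment&msnum=17 HTTP/1.1" 200 5120
198.51.100.9 - - [20/May/2008:10:01:09 +0000] "GET /index.php?event=coment&msnum=..%2F..%2Fdata%2Fx HTTP/1.1" 200 312
198.51.100.9 - - [20/May/2008:10:01:15 +0000] "GET /index.php?event=coment&msnum=%252e%252e%252fdata HTTP/1.1" 200 298
203.0.113.4 - - [20/May/2008:10:02:44 +0000] "GET /index.php?msnum=abc HTTP/1.1" 200 4100
203.0.113.4 - - [20/May/2008:10:03:00 +0000] "GET /forum.php?msnum=..%2Fx HTTP/1.1" 404 210
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode several rounds so double-encoded dots and slashes surface."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(msnum):
    """Return a verdict for one msnum value, or None if it looks benign."""
    decoded = fully_decode(msnum)
    if ".." in decoded or "/" in decoded or "\\" in decoded:
        return "traversal"
    # Assumption: legitimate msnum values are plain decimal message numbers.
    if not re.fullmatch(r"[0-9]+", decoded):
        return "non-numeric"
    return None

def scan(log_text):
    """Return (client_ip, verdict, decoded_msnum) for suspicious index.php hits."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client_ip, url = match[1], urlsplit(match[2])
        if not url.path.endswith("/index.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("msnum", []):
            verdict = classify(value)
            if verdict:
                findings.append((client_ip, verdict, fully_decode(value)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings on a host running WR-Meeting 1.0 with magic_quotes_gpc disabled match the conditions in the description and warrant a look at what index.php returned for those requests. magic_quotes_gpc was removed in PHP 5.4, so on newer PHP versions that mitigation is not available.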

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers: CVE-2008-2355
Affected Products: Wr-Meeting