CVE-2008-2878

Name of the Vulnerable Software and Affected Versions Academic Web Tools (AWT YEKTA) versions 1.4.3.1, 1.4.2.8 and earlier

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter. This can be exploited by providing a malicious URL in the file parameter.

Recommendations For versions 1.4.3.1, 1.4.2.8 and earlier, consider restricting access to the rss getfile.php file until a fix is available. As a temporary workaround, avoid using the file parameter in the rss getfile.php file to minimize the risk of exploitation.