CVE-2008-2883

Name of the Vulnerable Software and Affected Versions Jamroom versions 3.3.0 through 3.3.5

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm dir] parameter. This is related to the include/plugins/jrBrowser/payment.php file.

Recommendations For Jamroom versions 3.3.0 through 3.3.5, consider restricting access to the vulnerable payment.php file until a patch is available. Avoid using the jamroom[jm dir] parameter in the affected API endpoint until the issue is resolved.