CVE-2008-2885

Name of the Vulnerable Software and Affected Versions Open Digital Assets Repository System (ODARS) version 1.0.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES ROOT parameter when register globals is enabled. This is due to a PHP remote file inclusion vulnerability in the src/browser/resource/categories/resource categories view.php file.

Recommendations For Open Digital Assets Repository System (ODARS) version 1.0.2, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the src/browser/resource/categories/resource categories view.php file to minimize the risk of arbitrary PHP code execution. Avoid using the CLASSES ROOT parameter in the affected file until the issue is resolved.