CVE-2008-2993

Name of the Vulnerable Software and Affected Versions FOG Forum version 0.8.1

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fog lang and fog skin parameters. This is probably related to libs/required/share.inc and may also involve the fog pseudo, fog posted, fog password, and fog cook parameters.

Recommendations For FOG Forum version 0.8.1, consider restricting access to the vulnerable parameters fog lang and fog skin to minimize the risk of exploitation. Additionally, as a temporary workaround, consider disabling the execution of arbitrary local files via the index.php file until a patch is available. Avoid using the parameters fog pseudo, fog posted, fog password, and fog cook in the affected API endpoint until the issue is resolved.