CVE-2008-3165

Name of the Vulnerable Software and Affected Versions: fuzzylime (cms) versions 3.01a and earlier

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. This can be achieved when magic quotes gpc is disabled. An example of exploitation is using content.php.

Recommendations: For versions 3.01a and earlier, consider disabling the rss.php script until a patch is available, or enable magic quotes gpc to prevent the exploitation of this issue. Restrict access to the p parameter in the rss.php script to minimize the risk of exploitation.