CVE-2008-3365

Name of the Vulnerable Software and Affected Versions Pixelpost version 1.7.1

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language full parameter in index.php when register globals is enabled.

Recommendations For Pixelpost version 1.7.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the index.php file to minimize the risk of arbitrary file inclusion. Avoid using the language full parameter in the affected API endpoint until the issue is resolved.