CVE-2008-3562

Name of the Vulnerable Software and Affected Versions Chupix CMS version 0.1.0

Description A directory traversal issue exists in the Contact module of Chupix CMS, specifically in the index.php file. This issue allows remote attackers to include and execute arbitrary local files when the magic quotes gpc setting is disabled. The vulnerability can be exploited by using a .. (dot dot) in the mods parameter.

Recommendations For Chupix CMS version 0.1.0, consider disabling the Contact module or restricting access to the index.php file in the Contact module until a patch is available. Additionally, enabling magic quotes gpc may help mitigate this issue. However, the most effective solution would be to update or patch the software once a fix is provided by the vendor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.