CVE-2008-3564

Name of the Vulnerable Software and Affected Versions Dayfox Blog version 4

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p, cat, and archive parameters in index.php. This can potentially be leveraged for remote file inclusion in certain environments by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Recommendations For Dayfox Blog version 4, consider restricting access to the p, cat, and archive parameters in index.php to minimize the risk of exploitation. As a temporary workaround, avoid using these parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.