PT-2008-4965 · Mozilo · Mozilocms

Ams · Published 2008-08-11 · Updated 2017-09-29 · CVE-2008-3589

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: moziloCMS version 1.10.1

Description: A directory traversal vulnerability in the download.php file allows remote attackers to read arbitrary files when magic_quotes_gpc is disabled. This is achieved by using a .. (dot dot) in the cat parameter.

Recommendations: For moziloCMS version 1.10.1, consider disabling the download.php file or restricting access to it until a patch is available. Additionally, enabling magic_quotes_gpc can help mitigate this issue. Avoid using the cat parameter in the download.php file until the issue is resolved.
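
To check web server access logs for past attempts against this issue, the following added example (not part of the original advisory or of moziloCMS) flags requests to download.php whose cat parameter contains a `..` path segment. The log lines are constructed samples in Common Log Format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder names).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Aug/2008:10:00:01 +0000] "GET /download.php?cat=Willkommen HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Aug/2008:10:00:05 +0000] "GET /download.php?cat=../../PLACEHOLDER HTTP/1.1" 200 812',
    '203.0.113.9 - - [11/Aug/2008:10:00:09 +0000] "GET /download.php?cat=%2e%2e%2f%2e%2e%2fPLACEHOLDER HTTP/1.1" 200 812',
    '198.51.100.7 - - [11/Aug/2008:10:00:12 +0000] "GET /index.php?cat=.. HTTP/1.1" 200 300',
]

def has_traversal(value):
    """True if any path segment of the value is exactly '..'."""
    # Decode once more to cover double-encoded input, and treat
    # backslashes as separators as well.
    decoded = unquote(value).replace("\\", "/")
    return ".." in decoded.split("/")

def suspicious_requests(log_lines):
    """Return (line_number, cat_value) for download.php requests
    whose cat parameter contains a '..' segment."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/download.php"):
            continue  # only the script named in the advisory
        # parse_qs percent-decodes the query string once.
        for value in parse_qs(url.query, keep_blank_values=True).get("cat", []):
            if has_traversal(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: cat={value!r}")
```

A hit with a 200 status and an unusual response size is worth following up, since the advisory describes file disclosure rather than a failed request.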

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2008-3589

Affected products

Mozilocms