CVE-2008-3769

Name of the Vulnerable Software and Affected Versions Freeway version 1.4.1.171

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the include page parameter in the admin/create order new.php file when register globals is enabled.

Recommendations For Freeway version 1.4.1.171, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the admin/create order new.php file until a patch is available. Avoid using the include page parameter in the affected file until the issue is resolved.