CVE-2008-4319

Name of the Vulnerable Software and Affected Versions: Libra File Manager versions 1.18 and earlier

Description: The issue allows remote attackers to bypass authentication and perform unauthorized actions such as reading arbitrary files, modifying arbitrary files, and listing arbitrary directories. This is achieved by inserting certain user and isadmin parameters in the query string of the fileadmin.php endpoint.

Recommendations: For Libra File Manager versions 1.18 and earlier, as a temporary workaround, consider restricting access to the fileadmin.php endpoint until a patch is available. Avoid using the user and isadmin parameters in the query string of the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.