CVE-2008-4486

Name of the Vulnerable Software and Affected Versions: SACphp versions prior to Yerba 6.3

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter of the index.php file. This is a directory traversal vulnerability.

Recommendations: For SACphp versions prior to Yerba 6.3, consider restricting access to the mod parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the mod parameter with untrusted input to minimize the risk of exploitation.