CVE-2008-4735

Name of the Vulnerable Software and Affected Versions Concord Asset, Software, and Ticket system (CoAST) version 0.95

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the sections file parameter. This can be exploited by sending a malicious URL to the vulnerable header.php file.

Recommendations For version 0.95, consider restricting access to the header.php file or disabling the use of the sections file parameter until a patch is available. Avoid using the sections file parameter in the affected API endpoint until the issue is resolved.