CVE-2008-4739

Name of the Vulnerable Software and Affected Versions PlugSpace version 0.1

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the index.php file when the magic quotes gpc setting is disabled. The vulnerability can be triggered by including a .. (dot dot) in the navi parameter of a specific API endpoint, although the exact endpoint is not specified.

Recommendations For PlugSpace version 0.1, consider disabling the execution of arbitrary local files or restricting access to the navi parameter until a patch is available. Additionally, enabling magic quotes gpc may help mitigate this issue.