CVE-2008-4741

Name of the Vulnerable Software and Affected Versions FAR-PHP version 1.00

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the c parameter.

Recommendations For FAR-PHP version 1.00, consider disabling the use of the c parameter in the index.php file until a patch is available, or enable magic quotes gpc to prevent exploitation.