CVE-2008-4894

Name of the Vulnerable Software and Affected Versions Tribiq CMS versions 5.0.10a through 5.0.12c

Description A directory traversal issue exists in the header.inc.php file, allowing remote attackers to include and execute arbitrary local files. This occurs when register globals is enabled and magic quotes gpc is disabled. The issue is exploited through directory traversal sequences in the template path parameter.

Recommendations For Tribiq CMS versions 5.0.10a through 5.0.12c, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the template path parameter in the affected header.inc.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.