PT-2008-6165 · Bk2Site · Bk2Site
Robert Buchholz · Published 2008-11-07 · Updated 2017-08-08
CVE-2008-4995
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
bk2site version 1.1.9
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file in the redirect.pl script. This is limited to debug mode, which is disabled by default.
Recommendations
For bk2site version 1.1.9, consider disabling debug mode to prevent exploitation of this issue. As a temporary workaround, restrict access to the redirect.pl script and the /tmp/redirect.log file to minimize the risk of arbitrary file overwrites.
Exploit
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Bk2Site