CVE-2008-5164

Name of the Vulnerable Software and Affected Versions The Rat CMS Pre-Alpha 2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the id parameter to "viewarticle.php" and "viewarticle2.php" and the PATH INFO to "viewarticle.php".

Recommendations For The Rat CMS Pre-Alpha 2, consider restricting access to the viewarticle.php and viewarticle2.php scripts until a patch is available. As a temporary workaround, avoid using the id parameter in these scripts and restrict the PATH INFO to "viewarticle.php" to minimize the risk of exploitation.