CVE-2008-5167

Name of the Vulnerable Software and Affected Versions Boonex Orca versions 2.0 through 2.0.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter when register globals is enabled.

Recommendations For versions 2.0 through 2.0.2, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the layout/default/params.php file to minimize the risk of arbitrary PHP code execution. Avoid using the gConf[dir][layouts] parameter in affected setups until the issue is resolved.