CVE-2008-5171

Name of the Vulnerable Software and Affected Versions phpBLASTER CMS version 1.0 RC1

Description The issue concerns directory traversal vulnerabilities in the admin/minibb/index.php file of phpBLASTER CMS. When register globals is enabled, remote attackers can include and execute arbitrary local files using directory traversal sequences in the DB, lang, and skin parameters.

Recommendations For phpBLASTER CMS version 1.0 RC1, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the admin/minibb/index.php file and its parameters, specifically DB, lang, and skin, until a patch is available. Avoid using directory traversal sequences in these parameters to minimize the risk of exploitation.