CVE-2008-5210

Name of the Vulnerable Software and Affected Versions PhpBlock A8.5

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the PATH TO CODE parameter to several PHP scripts, including (1) script/init/createallimagecache.php, (2) allincludefortick.php, (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php.

Recommendations For PhpBlock A8.5, as a temporary workaround, consider restricting access to the PATH TO CODE parameter in the affected API endpoints until a patch is available. Avoid using the PATH TO CODE parameter in the affected scripts until the issue is resolved. Restrict access to the vulnerable scripts, including script/init/createallimagecache.php, allincludefortick.php, test.php, and modules/dungeon/tick/allincludefortick.php, to minimize the risk of exploitation.