CVE-2008-5332

Name of the Vulnerable Software and Affected Versions Pie version 0.5.3

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter to files in lib/action/ including alias.php, cancel.php, context.php, deadlinks.php, delete.php, and others. Additionally, the GLOBALS[pie][library path] parameter to files in lib/share/ including diff.php, file.php, locale.php, mapfile.php, page.php, and others is also vulnerable.

Recommendations For Pie version 0.5.3, consider disabling the lib parameter and restricting access to the lib/action/ and lib/share/ directories until a patch is available. Avoid using the GLOBALS[pie][library path] parameter in the affected files until the issue is resolved.