CVE-2008-6010

Name of the Vulnerable Software and Affected Versions SG Real Estate Portal version 2.0

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in specific parameters to certain PHP files. The vulnerable parameters include mod, page, or lang in requests to 'index.php', and action or folder in security requests to 'admin/index.php'.

Recommendations For SG Real Estate Portal version 2.0, consider restricting access to the index.php and admin/index.php files until a patch is available, and avoid using the parameters mod, page, lang, action, and folder in these files to minimize the risk of exploitation.