CVE-2008-6253

Name of the Vulnerable Software and Affected Versions: Pluck version 4.5.3

Description: The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g pcltar lib dir parameter when register globals is enabled. This is related to a directory traversal vulnerability in the data/inc/lib/pcltar.lib.php file.

Recommendations: For Pluck version 4.5.3, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the pcltar.lib.php file to minimize the risk of arbitrary file inclusion. Avoid using the g pcltar lib dir parameter in sensitive operations until the issue is resolved.