CVE-2008-6273

Name of the Vulnerable Software and Affected Versions: MyKtools version 3.0

Description: A directory traversal issue exists in the configuration script.php file, allowing remote authenticated administrators to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the langage parameter.

Recommendations: For MyKtools version 3.0, consider restricting access to the configuration script.php file until a fix is available, and avoid using the langage parameter with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.