CVE-2008-6288

Name of the Vulnerable Software and Affected Versions: Interface Medien ibase versions 2.03 and earlier

Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the filename parameter of the "download.php" API endpoint.

Recommendations: For versions 2.03 and earlier, consider restricting access to the download.php endpoint until a fix is available. As a temporary workaround, avoid using the filename parameter with .. (dot dot) sequences in the download.php endpoint to minimize the risk of exploitation.