CVE-2008-6516

Name of the Vulnerable Software and Affected Versions phpKF-Portal version 1.10

Description The issue allows remote attackers to include arbitrary files via directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the tema dizin parameter to "baslik.php" or the portal ayarlarportal dili parameter to "anket yonetim.php".

Recommendations For phpKF-Portal version 1.10, restrict access to the baslik.php and anket yonetim.php scripts to minimize the risk of exploitation. Avoid using the tema dizin and portal ayarlarportal dili parameters in the affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.