CVE-2008-6726

Name of the Vulnerable Software and Affected Versions: CMScout version 2.06

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to API endpoints such as "admin.php" and "index.php", but only when register globals is enabled.

Recommendations: For CMScout version 2.06, consider disabling the register globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the "admin.php" and "index.php" API endpoints until a patch is available. Avoid using the bit parameter in these endpoints until the issue is resolved.