CVE-2008-6901

Name of the Vulnerable Software and Affected Versions: 2532|Gigs version 1.2.2 Stable

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to various PHP files, including "settings.php", "deleteuser.php", "mini calendar.php", "manage venues.php", and "manage gigs.php", when register globals is enabled and magic quotes gpc is disabled.

Recommendations: For 2532|Gigs version 1.2.2 Stable, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the vulnerable PHP files, such as "settings.php", "deleteuser.php", "mini calendar.php", "manage venues.php", and "manage gigs.php", to minimize the risk of arbitrary file inclusion. Avoid using the language parameter in the affected files until the issue is resolved.