CVE-2009-1405

Name of the Vulnerable Software and Affected Versions PastelCMS version 0.8.0

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the index.php file, specifically when the magic quotes gpc setting is disabled. The vulnerability can be triggered by including a .. (dot dot) in the set lng parameter.

Recommendations For PastelCMS version 0.8.0, consider disabling the set lng parameter in the index.php file until a patch is available, or enable the magic quotes gpc setting to prevent exploitation. Additionally, restrict access to sensitive local files to minimize the risk of arbitrary file execution.