CVE-2009-1624

Name of the Vulnerable Software and Affected Versions: Dew-NewPHPLinks version 2.0

Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is achieved by using a .. (dot dot) in the show parameter of the affected API endpoint, allowing access to files outside the intended directory.

Recommendations: For Dew-NewPHPLinks version 2.0, consider restricting access to the show parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the show parameter with .. (dot dot) sequences to minimize the risk of exploitation.