CVE-2009-1846

Name of the Vulnerable Software and Affected Versions: SiteX versions 0.7.4 and earlier

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME FOLDER parameter to various API endpoints, including "Corporate/homepage.php", "Fusion/homepage.php", "Joombo/homepage.php", "Streamline/homepage.php", and "Structure/homepage.php" in themes/.

Recommendations: For SiteX versions 0.7.4 and earlier, as a temporary workaround, consider restricting access to the THEME FOLDER parameter in the affected API endpoints until a patch is available. Avoid using the THEME FOLDER parameter with untrusted input in the affected API endpoints until the issue is resolved.