CVE-2009-1948

Name of the Vulnerable Software and Affected Versions: Unclassified NewsBoard (UNB) version 1.6.4

Description: The issue allows remote attackers to read arbitrary recently-modified files or include and execute arbitrary local files due to directory traversal vulnerabilities in the forum.php file. This occurs when register globals is enabled and magic quotes gpc is disabled. The attack can be performed by exploiting the GLOBALS[filename] parameter or the GLOBALS[UTE][ tplCollection][a][file] parameter using a .. (dot dot) sequence.

Recommendations: For Unclassified NewsBoard (UNB) version 1.6.4, consider disabling the register globals setting and enabling magic quotes gpc to prevent exploitation. Additionally, restrict access to the forum.php file and its parameters, such as GLOBALS[filename] and GLOBALS[UTE][ tplCollection][a][file], to minimize the risk of directory traversal attacks.