PT-2009-4562 · Unknown · Db Top Sites

Sirgod · Published 2009-06-18 · Updated 2017-09-29 · CVE-2009-2110

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: DB Top Sites version 1.0
Description: Multiple directory traversal vulnerabilities allow remote attackers to include and execute arbitrary local files. This is possible when magic_quotes_gpc is disabled and a ".." (dot dot) sequence is supplied in the "u" parameter to API endpoints such as "full.php", "index.php", and "contact.php".
Recommendations: For DB Top Sites version 1.0, consider disabling the execution of files through the "full.php", "index.php", and "contact.php" API endpoints until a fix is available, and ensure magic_quotes_gpc is enabled to prevent directory traversal attacks.
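The traversal described above arises when a request parameter is concatenated into an include() path. The following is an added illustration, not DB Top Sites' own code: the parameter name "u" follows the advisory, while the pages/ directory, the page names and the function names are assumptions. It places the vulnerable pattern next to an allowlist-based fix that does not depend on magic_quotes_gpc (a setting that was removed in PHP 5.4).

```php
<?php
// Added illustration (not DB Top Sites' code): the include pattern behind a
// path traversal, and an allowlist-based hardened version.
// $_GET['u'], the pages/ directory and the page names are assumptions.

// --- Vulnerable pattern (shown for contrast, do not deploy): the request
// parameter reaches include() with only a suffix appended, so "../"
// sequences select files outside the intended directory.
function render_page_unsafe(string $u): void
{
    include __DIR__ . '/pages/' . $u . '.php';
}

// --- Hardened version: the parameter is a key into a fixed allowlist,
// never a path fragment. Anything not in the map is rejected.
const PAGE_MAP = [
    'home'    => 'home.php',
    'full'    => 'full.php',
    'contact' => 'contact.php',
];

// Returns the absolute path of the allowed page, or null if the key is
// unknown or the resolved file does not live under pages/.
function resolve_page(string $u): ?string
{
    if (!array_key_exists($u, PAGE_MAP)) {
        return null;                       // unknown key: refuse, do not guess
    }
    $base = realpath(__DIR__ . '/pages');
    $path = realpath($base . '/' . PAGE_MAP[$u]);   // false if the file is missing
    // Defence in depth: even with an allowlist, confirm the resolved file is
    // inside pages/ (guards against symlinks or a mistaken map entry).
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function render_page(string $u): void
{
    $path = resolve_page($u);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;
}

// Entry point: validate the parameter, then dispatch.
render_page(isset($_GET['u']) ? (string) $_GET['u'] : 'home');
```

magic_quotes_gpc only backslash-escaped quotes, backslashes and NUL bytes in request data; it never removed "../" sequences, so the durable fix is to stop treating the parameter as a path at all, as the allowlist above does. Requests for keys outside the map are a useful detection signal and can be logged at the 404 branch.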

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2009-2110

Affected products

Db Top Sites