CVE-2009-2132

Name of the Vulnerable Software and Affected Versions 4images versions prior to 1.7.7

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter when magic quotes gpc is disabled.

Recommendations For versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue. As a temporary workaround, consider enabling magic quotes gpc to minimize the risk of exploitation. Restrict access to the global.php file to minimize the risk of exploitation. Avoid using the l parameter in the affected API endpoint until the issue is resolved.