CVE-2009-2177

Name of the Vulnerable Software and Affected Versions fuzzylime (cms) versions 3.03a and earlier

Description The issue allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files. This is achieved by providing a "....//" (dot dot) in the s parameter, which is then collapsed into a "../" value, enabling the attacker to traverse directories and potentially overwrite files. This issue is specifically relevant when magic quotes gpc is disabled.

Recommendations For versions 3.03a and earlier, consider disabling the s parameter in the code/display.php file until a patch is available, or ensure that magic quotes gpc is enabled to mitigate the risk of directory traversal attacks.