CVE-2009-2263

Name of the Vulnerable Software and Affected Versions Awesome PHP Mega File Manager version 1.0

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter of the index.php file. In some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Recommendations For Awesome PHP Mega File Manager version 1.0, consider validating and sanitizing the page parameter in the index.php file to prevent directory traversal attacks. As a temporary workaround, restrict access to the index.php file until a patch is available.