CVE-2009-2338

Name of the Vulnerable Software and Affected Versions FreeWebshop.org version 2.2.9 R2

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the includes/startmodules.inc.php file when register globals is enabled. The vulnerability can be triggered via a .. (dot dot) in the lang file parameter.

Recommendations For FreeWebshop.org version 2.2.9 R2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/startmodules.inc.php file and avoid using the lang file parameter until a fix is available.