CVE-2009-2784

Name of the Vulnerable Software and Affected Versions dit.cms version 1.3

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal vulnerabilities. This can be achieved by exploiting the path parameter to index.php in various directories, the sitemap parameter to index.php in certain menus, and the relPath parameter to index/index.php. The vulnerabilities are exploitable when register globals is enabled.

Recommendations For dit.cms version 1.3, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the vulnerable index.php files in the affected directories and menus, and avoid using the path, sitemap, and relPath parameters until a patch is available.