CVE-2009-2923

Name of the Vulnerable Software and Affected Versions: BitmixSoft PHP-Lance version 1.52

Description: The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the language parameter to "show.php" and in the parameter to "advanced search.php".

Recommendations: For version 1.52, consider restricting access to the "show.php" and "advanced search.php" scripts until a patch is available. As a temporary workaround, avoid using the language parameter in the "show.php" script and restrict the use of parameters in "advanced search.php" to minimize the risk of exploitation.