CVE-2009-3149

Name of the Vulnerable Software and Affected Versions: Elgg version 1.5

Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the css/js.php file when magic quotes gpc is disabled. This can be achieved by including a .. (dot dot) in the js parameter.

Recommendations: For Elgg version 1.5, consider disabling the css/js.php file or restricting access to it until a fix is available. Additionally, enabling magic quotes gpc can help mitigate this issue.