CVE-2009-3219

Name of the Vulnerable Software and Affected Versions AR Web Content Manager (AWCM) version 2.1

Description A directory traversal issue exists due to the lack of proper input validation in the a.php file. When magic quotes gpc is disabled, remote attackers can exploit this by including a .. (dot dot) sequence in the a parameter to include and execute arbitrary local files.

Recommendations For AR Web Content Manager (AWCM) version 2.1, consider disabling the a.php file or restricting access to it until a proper fix is available. Additionally, enabling magic quotes gpc may help mitigate this issue, but it is recommended to apply a proper patch or update when available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.