CVE-2009-3492

Name of the Vulnerable Software and Affected Versions Loggix Project versions 9.4.5 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to several PHP files, including (1) Calendar.php, (2) Comment.php, (3) Rss.php, and (4) Trackback.php in lib/Loggix/Module/, as well as (5) modules/downloads/lib/LM Downloads.php.

Recommendations For Loggix Project versions 9.4.5 and earlier, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the pathToIndex parameter in the affected API endpoints until the issue is resolved. Restrict access to the lib/Loggix/Module/ directory and modules/downloads/lib/LM Downloads.php to minimize the risk of exploitation.