CVE-2009-4264

Name of the Vulnerable Software and Affected Versions AROUNDMe versions 1.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the language path parameter when register globals is enabled.

Recommendations For AROUNDMe versions 1.1 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the components/core/connect.php file to minimize the risk of exploitation. Avoid using the language path parameter in the affected endpoint until the issue is resolved.