CVE-2009-4512

Name of the Vulnerable Software and Affected Versions Oscailt version 3.3

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the index.php file when 'Use Friendly URL's' is disabled. The vulnerability can be triggered by including a .. (dot dot) in the obj id parameter.

Recommendations For Oscailt version 3.3, consider disabling the 'Use Friendly URL's' option as a temporary workaround, or restrict access to the index.php file to minimize the risk of exploitation. Avoid using the obj id parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.