CVE-2009-4725

Name of the Vulnerable Software and Affected Versions Arab Portal versions 2.2 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter in the modules/aljazeera/admin/setup.php file, when register globals is enabled and magic quotes gpc is disabled.

Recommendations For Arab Portal versions 2.2 and earlier, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the setup.php file in the modules/aljazeera/admin directory to minimize the risk of arbitrary file inclusion.