PT-2010-2690 · Geekhelps+1 · Geekhelps Admp+1

Ahmadbady · Published 2010-03-16 · Updated 2017-08-17 · CVE-2010-0967

CVSS v2.0: 5.1 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Geekhelps ADMP version 1.01

Description

The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to various PHP files in the themes/ directory, including (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php. This is possible when magic_quotes_gpc is disabled.

Recommendations

For Geekhelps ADMP version 1.01, consider disabling the execution of PHP files in the themes/ directory or restricting access to these files until a patch is available. Additionally, enabling magic_quotes_gpc may help mitigate the issue.
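
To check whether the affected files have been probed, the following Python example (added here, not part of the original advisory or of Geekhelps ADMP) scans web server access logs for requests to PHP files under themes/ whose style parameter contains a traversal segment, including URL-encoded forms. The combined log format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any PHP file one level below themes/; the advisory names four footer.php files.
THEME_PHP_RE = re.compile(r'/themes/[^/]+/[^/]+\.php$', re.IGNORECASE)


def has_traversal(value, max_rounds=3):
    """True if value holds a '..' path segment, also after repeated URL-decoding."""
    for _ in range(max_rounds):
        if any(seg == '..' for seg in re.split(r'[\\/]', value)):
            return True
        value = unquote(value)  # peel one more encoding layer (e.g. %252e -> %2e -> .)
    return False


def suspicious_requests(lines):
    """Return (client, url) for theme PHP requests with a traversing style value."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not THEME_PHP_RE.search(unquote(url.path)):
            continue
        # parse_qs already decodes once; has_traversal handles extra layers.
        styles = parse_qs(url.query, keep_blank_values=True).get('style', [])
        if any(has_traversal(s) for s in styles):
            hits.append((line.split()[0], m.group(1)))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2010:10:00:01 +0000] "GET /themes/default/footer.php?style=blue HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Mar/2010:10:02:13 +0000] "GET /themes/colorvoid/footer.php?style=../../../config HTTP/1.1" 200 734',
    '198.51.100.7 - - [16/Mar/2010:10:02:15 +0000] "GET /themes/default-green/footer.php?style=%252e%252e%252fconfig HTTP/1.1" 200 90',
    '192.0.2.10 - - [16/Mar/2010:10:03:40 +0000] "GET /index.php?style=../x HTTP/1.1" 200 100',
    '192.0.2.33 - - [16/Mar/2010:10:05:02 +0000] "GET /themes/default-orange/footer.php?style=v1..2 HTTP/1.1" 200 512',
]

if __name__ == '__main__':
    for client, url in suspicious_requests(SAMPLE_LOG):
        print(client, url)
```

Matching on whole '..' path segments rather than any occurrence of two dots keeps values such as v1..2 from being flagged.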

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2010-0967

Affected Products

Geekhelps Admp
Php