CVE-2010-1057

Name of the Vulnerable Software and Affected Versions Phpkobo AdFreely (aka Ad Board Script) version 1.01

Description The issue allows remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG CODE parameter to various files, including common.inc.php in multiple directories such as codelib/cfg/, codelib/sys/, staff/, staff/app/, and staff/file.php, when magic quotes gpc is disabled.

Recommendations For Phpkobo AdFreely (aka Ad Board Script) version 1.01, consider disabling the LANG CODE parameter in the affected files until a patch is available. Restrict access to the common.inc.php file in the mentioned directories to minimize the risk of exploitation. Additionally, enable magic quotes gpc to prevent this type of attack.