PT-2010-2784 · Phpkobo · Phpkobo Free Real Estate Contact Form

Published: 2010-03-23 · Updated: 2010-03-24 · CVE-2010-1063

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Phpkobo Free Real Estate Contact Form version 1.09

Description: The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences when magic_quotes_gpc is disabled. The value of the LANG_CODE request parameter is used to build an include path in several scripts, including /codelib/cfg/common.inc.php, /form/app/common.inc.php, and /staff/app/common.inc.php.

Recommendations: For Phpkobo Free Real Estate Contact Form version 1.09, consider disabling the execution of files from the codelib/cfg, form/app, and staff/app directories until a patch is available, and restrict the values accepted for the LANG_CODE parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
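The safe way to handle a language selector like LANG_CODE is to never let the request value reach the include path at all, as in this added example (it is not Phpkobo's code; the lang/ directory, file names and supported codes are assumptions):

```php
<?php
// Added example, not the vendor's code: allowlist-based loading of a
// per-language file. The vulnerable pattern this replaces is an include whose
// path is assembled from an unvalidated request parameter; the fix below does
// not depend on magic_quotes_gpc, which was removed in PHP 5.4 and is not a
// security control.

// Assumed set of supported language codes; the request value must match one
// of these exactly, so no request data is ever spliced into a filesystem path.
const SUPPORTED_LANGS = ['en', 'ja', 'de'];
const LANG_DIR = __DIR__ . '/lang';   // assumed location of lang/<code>.inc.php

/**
 * Return the absolute path of the language file for $code, or null when
 * $code is not a supported language or the file is missing.
 */
function resolveLangFile(string $code): ?string
{
    // First check: strict allowlist comparison (no type juggling).
    if (!in_array($code, SUPPORTED_LANGS, true)) {
        return null;
    }
    // Second, independent check: the resolved path must stay inside LANG_DIR.
    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . '/' . $code . '.inc.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Usage: fall back to the default language rather than trusting the request.
$requested = (isset($_GET['LANG_CODE']) && is_string($_GET['LANG_CODE']))
    ? $_GET['LANG_CODE'] : 'en';
$langFile = resolveLangFile($requested) ?? resolveLangFile('en');
if ($langFile === null) {
    http_response_code(500);
    exit('language configuration missing');
}
require $langFile;
```

A request carrying traversal sequences or a null byte in LANG_CODE fails the allowlist comparison and simply gets the default language, which is also the behaviour worth alerting on in web server logs.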

Exploit

Path traversal

Related Identifiers

CVE-2010-1063

Affected Products

Phpkobo Free Real Estate Contact Form