CVE-2011-0518

Name of the Vulnerable Software and Affected Versions LotusCMS Fraise version 3.0

Description A directory traversal issue exists in the core/lib/router.php file of LotusCMS Fraise. This issue allows remote attackers to include and execute arbitrary local files when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the system parameter to the "index.php" endpoint.

Recommendations For LotusCMS Fraise version 3.0, consider disabling the magic quotes gpc setting or restricting access to the system parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, restrict the execution of arbitrary local files to minimize the risk of exploitation.