Bigace · Bigace Web Cms · CVE-2009-2379
**Name of the Vulnerable Software and Affected Versions**
BIGACE Web CMS version 2.6
**Description**
A directory traversal vulnerability allows remote attackers to include and execute arbitrary local files by placing a `..` (dot dot) sequence in the `cmd` parameter.
**Recommendations**
For BIGACE Web CMS version 2.6, consider restricting access to the `cmd` parameter in the `public/index.php` file to minimize the risk of exploitation. As a temporary workaround, avoid passing untrusted input in the `cmd` parameter until a patch is available.
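
A log check for the pattern described above, as an added example that is not part of the original advisory or of BIGACE's own code: it flags requests to `public/index.php` whose `cmd` value contains a `..` path segment after percent-decoding. The log lines, the `cmd=menu` value and the combined log format are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format assumed); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2009:10:00:01 +0000] "GET /public/index.php?cmd=menu&id=3 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jul/2009:10:00:07 +0000] "GET /public/index.php?cmd=../../some/local/file HTTP/1.1" 200 312
203.0.113.9 - - [10/Jul/2009:10:00:09 +0000] "GET /public/index.php?cmd=%2e%2e%2fsome%2flocal%2ffile HTTP/1.1" 200 312
198.51.100.2 - - [10/Jul/2009:10:01:00 +0000] "GET /public/index.php?id=3&name=a..b HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def normalise(value, rounds=3):
    """Undo nested percent-encoding and unify path separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def has_traversal(value):
    """True if the normalised value contains a '..' path segment."""
    return ".." in normalise(value).split("/")


def find_cmd_traversal(log_text, script="/public/index.php"):
    """Return (line number, client, decoded cmd) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(script):
            continue
        # parse_qs decodes once; normalise() handles any further encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("cmd", []):
            if has_traversal(value):
                hits.append((lineno, line.split()[0], normalise(value)))
    return hits


if __name__ == "__main__":
    for hit in find_cmd_traversal(SAMPLE_LOG):
        print(hit)
```

Matching on whole `..` path segments rather than the substring keeps values such as `a..b` from raising false positives.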