Priyadi

**Name of the Vulnerable Software and Affected Versions** PEAR MDB2 versions prior to 2.5.0a1 **Description** The issue allows remote attackers to potentially use MDB2 as an indirect proxy or obtain sensitive information by submitting a URL string into a form field in an MDB2 application. This could be achieved by using a `file://` URL or a URL for an intranet web site. **Recommendations** For versions prior to 2.5.0a1, update to version 2.5.0a1 or later to resolve the issue. As a temporary workaround, consider restricting the interpretation of URL strings in form fields to prevent potential misuse.