CVE-2005-2607

Name of the Vulnerable Software and Affected Versions PHPSimplicity Simplicity oF Upload versions prior to 1.3.1

Description The issue allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters in the download.php file.

Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the download.php file or disabling the language parameter to minimize the risk of exploitation.