CVE-2008-0654

Name of the Vulnerable Software and Affected Versions Azucar CMS version 1.3

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the VIEW (view) parameter to API endpoints such as "index.php", "html/sitio/index.php", or "src/sistema/vistas/template/tpl inicio.php".

Recommendations For Azucar CMS version 1.3, as a temporary workaround, consider restricting access to the VIEW parameter in the affected API endpoints until a patch is available. Avoid using the VIEW parameter with untrusted input in "index.php", "html/sitio/index.php", or "src/sistema/vistas/template/tpl inicio.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.