CVE-2008-0803

Name of the Vulnerable Software and Affected Versions LookStrike Lan Manager version 0.9

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the sys conf[path][real] parameter to various PHP files. This can be leveraged to include and execute arbitrary local files via directory traversal sequences. The affected files include multiple PHP scripts in the modulesclass and modulesclassdb directories, as well as modulesclasstournament.

Recommendations For LookStrike Lan Manager version 0.9, consider restricting access to the sys conf[path][real] parameter to prevent remote file inclusion attacks. As a temporary workaround, restrict access to the affected PHP files in the modulesclass, modulesclassdb, and modulesclasstournament directories until a patch is available. Avoid using the sys conf[path][real] parameter in URLs to minimize the risk of exploitation.