CVE-2008-1124

Name of the Vulnerable Software and Affected Versions Podcast Generator versions 1.0 BETA 2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to various PHP files, including (1) components/xmlparser/loadparser.php, (2) admin.php, (3) categories.php, (4) categories add.php, (5) categories remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/, as well as (13) archive cat.php, (14) archive nocat.php, and (15) recent list.php in core/.

Recommendations For Podcast Generator versions 1.0 BETA 2 and earlier, consider disabling the absoluteurl parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files in core/admin/ and core/ to minimize the risk of exploitation. Avoid using the absoluteurl parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.