CVE-2008-1537

Name of the Vulnerable Software and Affected Versions PowerBook version 1.21

Description A directory traversal issue exists in the pb inc/admincenter/index.php file, allowing remote attackers to include and execute arbitrary local files by using a .. (dot dot) in the page parameter. This can potentially be used for remote file inclusion in certain environments by utilizing a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Recommendations For PowerBook version 1.21, consider restricting access to the page parameter in the pb inc/admincenter/index.php file to prevent directory traversal attacks. As a temporary workaround, restrict the use of the page parameter until a patch is available.