CVE-2008-1609

Name of the Vulnerable Software and Affected Versions just another flat file (JAF) CMS version 4.0 RC2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in specific parameters. This can be achieved by manipulating the website parameter in files such as forum.php, headlines.php, and main.php within the forum/ directory, or the main dir parameter in forum/forum.php.

Recommendations For just another flat file (JAF) CMS version 4.0 RC2, consider restricting access to the vulnerable parameters website and main dir in the affected files until a patch is available. As a temporary workaround, avoid using the website parameter in the "forum.php", "headlines.php", and "main.php" files, and the main dir parameter in the "forum/forum.php" file.