CVE-2008-2645

Name of the Vulnerable Software and Affected Versions Brim (formerly Booby) version 1.0.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in various templates, including barrel/, barry/, mylook/, oerdec/, penguin/, sidebar/, slashdot/, and text-only/. This can also be used to include and execute arbitrary local files via directory traversal sequences.

Recommendations For Brim (formerly Booby) version 1.0.1, consider restricting access to the template.tpl.php file in the affected templates to minimize the risk of exploitation. As a temporary workaround, avoid using the renderer parameter in the template.tpl.php file until a patch is available.