CVE-2008-2649

Name of the Vulnerable Software and Affected Versions DesktopOnNet 3 Beta

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the app path parameter to specific API endpoints, including "/don3 requiem.don3app/don3 requiem.php" and "/frontpage.don3app/frontpage.php".

Recommendations For DesktopOnNet 3 Beta, consider restricting access to the app path parameter in the affected API endpoints until a patch is available. As a temporary workaround, disabling the execution of remote PHP code in these endpoints can help minimize the risk of exploitation.