CVE-2008-2813

Name of the Vulnerable Software and Affected Versions WallCity-Server Shoutcast Admin Panel version 2.0

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the index.php file, specifically when the magic quotes gpc setting is disabled. The vulnerability can be triggered by including a .. (dot dot) sequence in the page parameter of a request.

Recommendations For WallCity-Server Shoutcast Admin Panel version 2.0, consider disabling the execution of arbitrary local files until a patch is available. As a temporary workaround, enable the magic quotes gpc setting to prevent the exploitation of this issue. Additionally, restrict access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.