CVE-2008-2898

Name of the Vulnerable Software and Affected Versions Hedgehog-CMS version 1.21

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This can be achieved by using a .. (dot dot) in the c temp path parameter. In certain environments, this issue can be leveraged for remote file inclusion by utilizing a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Recommendations For Hedgehog-CMS version 1.21, consider restricting access to the includes/header.php file until a patch is available. As a temporary workaround, avoid using the c temp path parameter in the affected API endpoint until the issue is resolved.