CVE-2008-3312

Name of the Vulnerable Software and Affected Versions: Lemon CMS version 1.10

Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the dir parameter in the browser.php file of the FCKeditor component. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: For Lemon CMS version 1.10, consider restricting access to the browser.php file in the FCKeditor component to minimize the risk of exploitation. Avoid using the dir parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.