CVE-2008-3555

Name of the Vulnerable Software and Affected Versions WSN Forum versions 4.1.43 and earlier Gallery versions 4.1.30 and earlier Knowledge Base (WSNKB) versions 4.1.36 and earlier Links versions 4.1.44 and earlier Classifieds versions prior to 4.1.30

Description A directory traversal issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter. This can be exploited by uploading a file, such as a .jpg file, containing PHP sequences.

Recommendations For WSN Forum versions 4.1.43 and earlier, update to a version later than 4.1.43. For Gallery versions 4.1.30 and earlier, update to a version later than 4.1.30. For Knowledge Base (WSNKB) versions 4.1.36 and earlier, update to a version later than 4.1.36. For Links versions 4.1.44 and earlier, update to a version later than 4.1.44. For Classifieds versions prior to 4.1.30, update to version 4.1.30 or later. As a temporary workaround, consider restricting access to the TID parameter in the affected index.php file until a patch is available.