CVE-2008-4331

Name of the Vulnerable Software and Affected Versions: phpOCS versions 0.1 beta3 and earlier

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to "index.php". This is a directory traversal vulnerability in the library/pagefunctions.inc.php file.

Recommendations: For phpOCS versions 0.1 beta3 and earlier, consider restricting access to the act parameter in the "index.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.