CVE-2008-5860

Name of the Vulnerable Software and Affected Versions Constructr CMS versions 3.02.5 and earlier

Description The issue allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit file parameter, when register globals is enabled and magic quotes gpc is disabled.

Recommendations For Constructr CMS versions 3.02.5 and earlier, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the backend/template.php file to minimize the risk of arbitrary file creation or reading. Avoid using the edit file parameter in the affected API endpoint until the issue is resolved.