CVE-2008-5878

Name of the Vulnerable Software and Affected Versions Phpclanwebsite versions 1.23.3 Fix Pack 5 and earlier

Description The issue allows remote attackers to include and execute arbitrary files via directory traversal vulnerabilities. This is possible when magic quotes gpc is disabled and register globals is enabled. The vulnerabilities can be exploited through the boxname parameter to "theme/superchrome/box.php" and the theme parameter to "phpclanwebsite/footer.php".

Recommendations For Phpclanwebsite versions 1.23.3 Fix Pack 5 and earlier, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the box.php and footer.php files until a patch is available. Avoid using the boxname and theme parameters in the affected API endpoints until the issue is resolved.