CVE-2008-6002

Name of the Vulnerable Software and Affected Versions web-cp version 0.5.7

Description The issue allows remote attackers to read arbitrary files due to an absolute path traversal vulnerability in sendfile.php when register globals is enabled. This is achieved by providing a full pathname in the filelocation parameter.

Recommendations For web-cp version 0.5.7, consider disabling the sendfile.php script or restricting access to it until a patch is available. Additionally, disabling register globals can help mitigate the risk of exploitation. Avoid using the filelocation parameter in the affected script until the issue is resolved.