CVE-2008-6172

Name of the Vulnerable Software and Affected Versions RWCards (com rwcards) version 3.0.11

Description A directory traversal issue exists in the captcha/captcha image.php file of the RWCards component for Joomla!. This issue allows remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. The attack is performed by using directory traversal sequences in the img parameter of a vulnerable API endpoint, such as "/captcha/captcha image.php".

Recommendations For RWCards (com rwcards) version 3.0.11, consider disabling the captcha image.php file until a patch is available, or enable magic quotes gpc to prevent the exploitation of this issue. Restrict access to the captcha/captcha image.php file to minimize the risk of exploitation. Avoid using the img parameter in the affected API endpoint until the issue is resolved.