PT-2009-2013 · Comscripts Team · Comscripts Team Quick Classifieds

Published 2009-03-30 · Updated 2017-08-17 · CVE-2008-6543

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ComScripts TEAM Quick Classifieds version 1.0

Description

The issue affects ComScripts TEAM Quick Classifieds, allowing remote file inclusion via the DOCUMENT_ROOT parameter in multiple PHP files. This includes files such as index.php3, locate.php3, search_results.php3, and others in various directories, including the root, classifieds, controlcenter, and controlpannel. Additionally, files like include/sendit.php3 and include/sendit2.php3 are affected. Possibly, files such as include/adminHead.inc, include/usersHead.inc, and style/default.scheme.inc are also vulnerable.

Recommendations

For ComScripts TEAM Quick Classifieds version 1.0, as a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the DOCUMENT_ROOT parameter in the affected scripts, such as index.php3, locate.php3, and others, until the issue is resolved. Restrict access to the controlcenter and controlpannel directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
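
One way to check web server access logs for requests that supply DOCUMENT_ROOT to the affected script types, for instance to confirm that the access restrictions above are taking effect. This is an added example, not code from the advisory or the vendor; it assumes Apache common/combined log format, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache common/combined log format ('ip ... "METHOD target PROTO" status ...').
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SCRIPT_SUFFIXES = (".php3", ".inc")  # file types named in the advisory
PARAM = "DOCUMENT_ROOT"              # parameter named in the advisory


def normalise_php_name(name):
    """PHP turns spaces and dots in incoming variable names into underscores."""
    return name.replace(" ", "_").replace(".", "_")


def find_document_root_requests(lines):
    """Return (ip, path, value, status) for each request whose query string sets
    DOCUMENT_ROOT on a .php3/.inc path. POST bodies are not in access logs, so
    only query-string use is visible here."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(SCRIPT_SUFFIXES):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if normalise_php_name(name) == PARAM:
                hits.append((m.group("ip"), url.path, value, int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation IP ranges, .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Mar/2009:10:00:00 +0000] "GET /classifieds/index.php3?cat=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Mar/2009:10:00:05 +0000] "GET /locate.php3?DOCUMENT_ROOT=http%3A%2F%2Fhost.invalid%2F HTTP/1.1" 200 312',
    '198.51.100.7 - - [30/Mar/2009:10:00:09 +0000] "GET /include/sendit.php3?DOCUMENT.ROOT=x HTTP/1.1" 403 199',
    '203.0.113.5 - - [30/Mar/2009:10:01:00 +0000] "GET /docs/DOCUMENT_ROOT.html HTTP/1.1" 404 150',
]

if __name__ == "__main__":
    for ip, path, value, status in find_document_root_requests(SAMPLE_LOG):
        print(f"{ip} {path} DOCUMENT_ROOT={value!r} status={status}")
```

A hit answered with 403 indicates the restriction is in place for that path; a hit answered with 200 is the case to investigate first.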

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2008-6543

Affected Products

Comscripts Team Quick Classifieds