CVE-2008-6833

Name of the Vulnerable Software and Affected Versions: fuzzylime (cms) versions prior to 3.01b

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action. This can be demonstrated by manipulating the files[0] parameter.

Recommendations: For versions prior to 3.01b, update to version 3.01b or later to resolve the issue. As a temporary workaround, consider restricting access to the commsrss.php file to minimize the risk of exploitation. Avoid using the files array element in the affected API endpoint until the issue is resolved.