CVE-2008-7090

Name of the Vulnerable Software and Affected Versions Pligg versions 9.9 and earlier

Description The issue allows remote attackers to determine the existence of arbitrary files or include arbitrary files via directory traversal vulnerabilities. This can be achieved by exploiting the $tb url variable in "trackback.php" or the template parameter in "settemplate.php" using a .. (dot dot) sequence.

Recommendations For Pligg versions 9.9 and earlier, as a temporary workaround, consider restricting access to the "trackback.php" and "settemplate.php" files until a patch is available. Avoid using the $tb url variable in "trackback.php" and the template parameter in "settemplate.php" with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.