CVE-2009-0735

Name of the Vulnerable Software and Affected Versions Papoo CMS version 3.6

Description The issue allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter, specifically when register globals is enabled and magic quotes gpc is disabled.

Recommendations For Papoo CMS version 3.6, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the pfadhier parameter in the affected API endpoint to minimize the risk of file traversal attacks.