CVE-2009-3216

Name of the Vulnerable Software and Affected Versions iWiccle version 1.01

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the show parameter to the admin module, accessible through "index.php", or in the module parameter to "index.php". This is particularly problematic when magic quotes gpc is disabled.

Recommendations For iWiccle version 1.01, consider disabling the show and module parameters in the admin module and "index.php" respectively, until a patch is available, and ensure magic quotes gpc is enabled to minimize the risk of exploitation.