CVE-2009-3694

Name of the Vulnerable Software and Affected Versions ezRecipe-Zee version 91

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter when register globals is enabled. This is a directory traversal vulnerability in the config/config.php file.

Recommendations For ezRecipe-Zee version 91, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the config/config.php file and avoid using the cfg[prePath] parameter with untrusted input until a fix is available.