PT-2009-6050 · Mobilelib · Mobilelib Gold

Qabandi · Published 2009-10-28 · Updated 2017-09-19 · CVE-2009-3823

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mobilelib GOLD version 3.0

Description

The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the myhtml.php file. This occurs when magic_quotes_gpc is enabled and a .. (dot dot) is used in the GLOBALS[page] parameter.

Recommendations

For Mobilelib GOLD version 3.0, consider disabling the use of the GLOBALS[page] parameter or restricting access to the myhtml.php file until a patch is available. As a temporary workaround, disabling magic_quotes_gpc may also help minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2009-3823

Affected products

Mobilelib Gold