CVE-2009-4085

Name of the Vulnerable Software and Affected Versions PHP Traverser version 0.8.0

Description A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the BASE parameter within the GLOBALS array. This can be achieved by manipulating the URL to include malicious PHP code.

Recommendations For PHP Traverser version 0.8.0, consider restricting access to the mp3 id.php file in the assets/plugins/mp3 id directory to minimize the risk of exploitation. As a temporary workaround, avoid using the BASE parameter in the GLOBALS array until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.