CVE-2009-4315

Name of the Vulnerable Software and Affected Versions Nuggetz CMS version 1.0

Description The issue allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter. This can be exploited to execute arbitrary PHP code by creating and accessing a .php file.

Recommendations For Nuggetz CMS version 1.0, consider disabling the admin/ajaxsave.php file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc may help mitigate the issue. As a temporary workaround, restrict the use of the nugget and pagevalue parameters in the affected API endpoint.