CVE-2009-4435

Name of the Vulnerable Software and Affected Versions F3Site 2009

Description The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack is facilitated through directory traversal sequences in the GLOBALS[nlang] parameter to specific API endpoints: "/mod/poll.php" and "/mod/new.php".

Recommendations For F3Site 2009, to mitigate the issue, consider restricting access to the GLOBALS[nlang] parameter in the affected API endpoints "/mod/poll.php" and "/mod/new.php" until a fix is available. Additionally, avoid using directory traversal sequences in these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.