CVE-2010-4924

Name of the Vulnerable Software and Affected Versions clearBudget version 0.9.8

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter in the logic/controller.class.php file. This is a remote file inclusion issue. Note that this issue has been disputed by a reliable third party.

Recommendations For clearBudget version 0.9.8, as a temporary workaround, consider restricting access to the actionPath parameter in the logic/controller.class.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.