CVE-2002-2134

Name of the Vulnerable Software and Affected Versions: PEEL version 1.0b

Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file.

Recommendations: For PEEL version 1.0b, consider restricting access to the haut.php file or avoid using the dirroot parameter to reference external URLs until a patch is available. As a temporary workaround, restrict the use of the dirroot parameter to only reference local files.