PT-2003-2199 · Apb · Active Php Bookmarks

Published: 2003-12-31 · Updated: 2008-09-05 · CVE-2003-1254

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Active PHP Bookmarks (APB) version 1.1.01

Description
The issue allows remote attackers to execute arbitrary PHP code by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code. This can be achieved through various PHP files, including head.php, apb_common.php, or apb_view_class.php.

Recommendations
For Active PHP Bookmarks (APB) version 1.1.01, consider restricting access to the APB_SETTINGS parameter to prevent modification, and avoid using remote URLs that could contain malicious code. As a temporary workaround, restrict access to the affected PHP files until a patch is available.


Related identifiers

CVE-2003-1254

Affected products

Active Php Bookmarks