CVE-2005-0679

Name of the Vulnerable Software and Affected Versions Tell A Friend Script versions 2.4 through 2.7 before 20050305

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the script root parameter to reference a URL on a remote web server that contains the code.

Recommendations For Tell A Friend Script versions 2.4 through 2.7 before 20050305, update to a version released after 20050305 to resolve the issue. As a temporary workaround, consider restricting access to the tell a friend.inc.php file to minimize the risk of exploitation. Avoid using the script root parameter in the affected script until the issue is resolved.