CVE-2007-0314

Name of the Vulnerable Software and Affected Versions: Article System version 1.0

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the INCLUDE DIR parameter to specific API endpoints, such as "forms.php", "issue edit.php", "client.php", and "classes.php".

Recommendations: For Article System version 1.0, consider restricting access to the INCLUDE DIR parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the INCLUDE DIR parameter in the "forms.php", "issue edit.php", "client.php", and "classes.php" endpoints to minimize the risk of exploitation.