CVE-2007-0561

Name of the Vulnerable Software and Affected Versions Xero Portal version 1.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter to various PHP files, including "admin linkdb.php", "admin forum prune.php", "admin extensions.php", "admin board.php", "admin attachments.php", and "admin users.php" in the admin directory.

Recommendations For Xero Portal version 1.2, consider restricting access to the phpbb root path parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the phpbb root path parameter in the specified admin files to minimize the risk of exploitation.