CVE-2007-0607

Name of the Vulnerable Software and Affected Versions W-Agora (Web-Agora) version 4.2.1

Description The issue allows remote attackers to obtain application path information via a direct request to the globals.inc file, which is stored under the web document root with insufficient access control when register globals is enabled.

Recommendations For W-Agora (Web-Agora) version 4.2.1, consider disabling the register globals setting to prevent remote attackers from accessing sensitive information. Additionally, restrict access to the globals.inc file to minimize the risk of exploitation.