CVE-2007-0638

Name of the Vulnerable Software and Affected Versions PHPFootball version 1.6

Description The issue allows remote attackers to obtain sensitive information, specifically database contents, by exploiting a weakness in the show.php file. This is achieved by including a % (percent) character in the dbfieldv parameter of the vulnerable API endpoint.

Recommendations For PHPFootball version 1.6, as a temporary workaround, consider restricting access to the show.php file or sanitizing the dbfieldv parameter to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.