CVE-2007-0702

Name of the Vulnerable Software and Affected Versions phpEventMan version 1.0.2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the level parameter to specific PHP files, including Shared/controller/text.ctrl.php and UserMan/controller/common.function.php.

Recommendations For phpEventMan version 1.0.2, consider restricting access to the level parameter in the affected PHP files until a patch is available. As a temporary workaround, disabling the execution of remote files in these parameters can help minimize the risk of exploitation.