CVE-2007-1060

Name of the Vulnerable Software and Affected Versions: Interspire SendStudio versions 2004.14 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals and allow fopenurl are enabled. This is achieved by providing a URL in the ROOTDIR parameter to specific PHP files, including createemails.inc.php and send emails.inc.php in the /admin/includes/ directory.

Recommendations: For Interspire SendStudio versions 2004.14 and earlier, consider disabling the register globals and allow fopenurl settings to prevent exploitation. Additionally, restrict access to the /admin/includes/ directory and the createemails.inc.php and send emails.inc.php files to minimize the risk of arbitrary PHP code execution.