CVE-2007-1109

Name of the Vulnerable Software and Affected Versions Phpwebgallery version 1.4.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via several fields, including the login or mail address field in "Register.php", or the search author, mode, start year, end year, or date type field in "Search.php".

Recommendations For Phpwebgallery version 1.4.1, avoid using the vulnerable fields in Register.php and Search.php until a patch is available. As a temporary workaround, consider restricting access to the Register.php and Search.php files to minimize the risk of exploitation.