CVE-2007-1152

Name of the Vulnerable Software and Affected Versions Pyrophobia version 2.1.3.1

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the act or pid parameter to the "index.php" endpoint, or the action parameter to "admin/index.php".

Recommendations For Pyrophobia version 2.1.3.1, as a temporary workaround, consider restricting access to the act, pid, and action parameters in the affected endpoints until a patch is available. Avoid using the act and pid parameters in the top-level "index.php" endpoint and the action parameter in "admin/index.php" to minimize the risk of exploitation.