CVE-2007-1423

Name of the Vulnerable Software and Affected Versions WORK system e-commerce versions 3.0.5 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the g include parameter to certain PHP scripts, such as include/include top.php.

Recommendations For versions 3.0.5 and earlier, consider restricting access to the g include parameter in the affected PHP scripts until a patch is available. As a temporary workaround, disabling the inclusion of remote files via the include/include top.php script may help minimize the risk of exploitation.