CVE-2007-1472

Name of the Vulnerable Software and Affected Versions Groupit version 2.00b5

Description The issue allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $ GLOBALS. This can be achieved by manipulating the c basepath parameter in various PHP files, including "content.php", "userprofile.php", "password.php", "dispatch.php", and "deliver.php" in the html/ directory, and possibly "load.inc.php" and related files.

Recommendations For Groupit version 2.00b5, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the c basepath parameter in the affected API endpoints, such as "content.php", "userprofile.php", "password.php", "dispatch.php", and "deliver.php", to minimize the risk of exploitation.