CVE-2007-1524

Name of the Vulnerable Software and Affected Versions ZomPlog versions 3.7.6 and earlier

Description A directory traversal issue exists in the themes/default/ directory of ZomPlog, allowing remote attackers to include arbitrary local files by using a .. (dot dot) in the settings[skin] parameter. This can be exploited to inject PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.

Recommendations For ZomPlog versions 3.7.6 and earlier, as a temporary workaround, consider restricting access to the themes/default/ directory to minimize the risk of exploitation. Avoid using the settings[skin] parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.