CVE-2007-1635

Name of the Vulnerable Software and Affected Versions: Net Portal Dynamic System (NPDS) versions 5.10 and earlier

Description: The issue allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" operation to "admin.php", which can later be accessed via a "Configure" operation to "admin.php".

Recommendations: For Net Portal Dynamic System (NPDS) versions 5.10 and earlier, consider restricting access to the "admin.php" endpoint and the xtop parameter to minimize the risk of exploitation until a fix is available. Avoid using the xtop parameter in the "ConfigSave" operation to "admin.php" until the issue is resolved.