CVE-2007-1720

Name of the Vulnerable Software and Affected Versions: Addressbook module for PHP-Nuke version 1.2

Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by injecting a .. (dot dot) in the module name parameter. This can be exploited by injecting PHP sequences into an Apache HTTP Server log file.

Recommendations: For Addressbook module for PHP-Nuke version 1.2, consider restricting access to the addressbook.php file until a patch is available. As a temporary workaround, avoid using the module name parameter in the affected module to minimize the risk of exploitation.