CVE-2007-1721

Name of the Vulnerable Software and Affected Versions: C-Arbre versions 0.6PR7 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the root path parameter to various PHP files, including (1) Richtxt functions.inc.php, (2) adddocfile.php, (3) auth check.php, (4) browse current category.inc.php, (5) docfile details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.

Recommendations: For C-Arbre versions 0.6PR7 and earlier, consider disabling the root path parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files in lib/ and mwiki/ to minimize the risk of exploitation. Avoid using the root path parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.