CVE-2007-1851

Name of the Vulnerable Software and Affected Versions: RSPA 2007-03-23

Description: The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the class parameter to specific PHP files, including "Controller v4.php" and "Controller v5.php".

Recommendations: For RSPA 2007-03-23, consider restricting access to the Controller v4.php and Controller v5.php files until a patch is available. As a temporary workaround, avoid using the class parameter in these files to minimize the risk of exploitation.