CVE-2007-2001

Name of the Vulnerable Software and Affected Versions Crea-Book versions 1.0 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary PHP code via the Fond de la page (background color) field and other unspecified fields in admin/configurer2.php, which injects into config.inc.php3.

Recommendations For Crea-Book versions 1.0 and earlier, consider restricting access to the admin/configurer2.php file until a fix is available, and avoid using the Fond de la page field and other vulnerable fields to minimize the risk of exploitation.