CVE-2007-2086

Name of the Vulnerable Software and Affected Versions CNStats version 2.9

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the bj parameter to API endpoints such as "who r.php" or "who s.php" in the "reports/" directory.

Recommendations For CNStats version 2.9, consider restricting access to the "who r.php" and "who s.php" files in the "reports/" directory to minimize the risk of exploitation. Avoid using the bj parameter in these API endpoints until the issue is resolved.