CVE-2007-2087

Name of the Vulnerable Software and Affected Versions CNStats version 2.12

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the bn parameter to specific PHP files, including "who r.php" and "who s.php" in the "reports/" directory, when register globals is enabled and .htaccess is not recognized.

Recommendations For CNStats version 2.12, consider disabling the register globals setting and ensuring .htaccess is properly recognized to prevent exploitation. Additionally, restrict access to the "who r.php" and "who s.php" files in the "reports/" directory until a fix is available.