CVE-2007-2156

Name of the Vulnerable Software and Affected Versions Rezervi Generic version 0.9

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the root parameter to various PHP files, including (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in the templates/ directory, as well as (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in the belegungsplan/ directory.

Recommendations As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the root parameter in the affected API endpoints until the issue is resolved. Restrict access to the templates/ and belegungsplan/ directories to minimize the risk of exploitation.