CVE-2007-2201

Name of the Vulnerable Software and Affected Versions Post Revolution versions 6.6 through 7.0 RC2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the dir parameter to specific PHP files, such as common.php or themes/default/preview post completo.php.

Recommendations For Post Revolution versions 6.6 through 7.0 RC2, consider restricting access to the common.php and themes/default/preview post completo.php files until a patch is available. Avoid using the dir parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.