CVE-2007-2301

Name of the Vulnerable Software and Affected Versions audioCMS arash version 0.1.4

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the arashlib dir parameter to specific PHP files, including (1) edit.inc.php and (2) list features.inc.php in arash lib/include, and (3) arash gadmin.class.php and (4) arash sadmin.class.php in arash lib/class/.

Recommendations For audioCMS arash version 0.1.4, consider restricting access to the arashlib dir parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the arashlib dir parameter in the affected API endpoints, specifically edit.inc.php, list features.inc.php, arash gadmin.class.php, and arash sadmin.class.php, to minimize the risk of exploitation.