CVE-2007-2326

Name of the Vulnerable Software and Affected Versions HYIP Manager Pro (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugin file parameter to various files, including (1) Smarty.class.php and (2) Smarty Compiler.class.php in inc/libs/, as well as several core files such as core.display debug console.php, core.load plugins.php, core.load resource plugin.php, core.process cached inserts.php, core.process compiled include.php, and core.read cache file.php in inc/libs/core/. Note that the vectors related to Smarty might be incorrectly reported.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.