CVE-2007-2706

Name of the Vulnerable Software and Affected Versions Media Gallery versions 1.4.8a and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the MG CONF[path html] parameter in the maint/ftpmedia.php file. This can be exploited by providing a malicious URL, potentially leading to code execution.

Recommendations For Media Gallery versions 1.4.8a and earlier, consider restricting access to the maint/ftpmedia.php file until a patch is available. As a temporary workaround, avoid using the MG CONF[path html] parameter in the affected file to minimize the risk of exploitation.