CVE-2007-2914

Name of the Vulnerable Software and Affected Versions PsychoStats version 3.0.6b

Description The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to various files, including awards.php, login.php, register.php, and weapons.php. This can be achieved by manipulating the PATH INFO, which is used to specify additional information for the server to process.

Recommendations For PsychoStats version 3.0.6b, consider restricting access to the affected files, such as awards.php, login.php, register.php, and weapons.php, until a patch is available. As a temporary workaround, avoid using the PATH INFO to pass user-supplied input to these files.