CVE-2007-2985

Name of the Vulnerable Software and Affected Versions: Pheap version 2.0

Description: The issue allows remote attackers to bypass authentication by setting a pheap login cookie value to the administrator's username. This can be used to obtain sensitive information, including the administrator password, via "settings.php" or to upload and execute arbitrary PHP code via an "update doc" action in "edit.php".

Recommendations: For Pheap version 2.0, as a temporary workaround, consider restricting access to "settings.php" and "edit.php" to minimize the risk of exploitation. Avoid using the pheap login cookie until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.