CVE-2007-3057

Name of the Vulnerable Software and Affected Versions: XOOPS icontent module version 4.5

Description: A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the spaw root parameter in the include/wysiwyg/spaw control.class.php file.

Recommendations: For XOOPS icontent module version 4.5, consider restricting access to the spaw control.class.php file until a patch is available. Avoid using the spaw root parameter in the affected module to minimize the risk of exploitation.