CVE-2007-3066

Name of the Vulnerable Software and Affected Versions: php(Reactor) versions 1.2.7 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to various files, including (1) "view.inc.php", (2) "users.inc.php", (3) "updatecms.inc.php", and (4) "polls.inc.php" in the "inc/" directory, as well as other unspecified files.

Recommendations: For php(Reactor) versions 1.2.7 and earlier, consider restricting access to the pathtohomedir parameter in the affected API endpoints, such as "view.inc.php", "users.inc.php", "updatecms.inc.php", and "polls.inc.php", until a patch is available. As a temporary workaround, avoid using the pathtohomedir parameter in these files to minimize the risk of exploitation.