CVE-2007-3096

Name of the Vulnerable Software and Affected Versions: PBLang (PBL) versions 4.67.16.a and earlier

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter in the "login.php" file when magic quotes gpc is disabled.

Recommendations: For PBLang (PBL) versions 4.67.16.a and earlier, consider disabling the lang parameter in the "login.php" file until a patch is available. Restrict access to the "login.php" file to minimize the risk of exploitation. Avoid using the lang parameter in the affected endpoint until the issue is resolved.