CVE-2007-4170

Name of the Vulnerable Software and Affected Versions AL-Athkar version 2.0

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the include parameter to "Main.php" and "get.php" and the exec parameter to "count.php".

Recommendations For AL-Athkar version 2.0, consider disabling the include parameter in "Main.php" and "get.php" and the exec parameter in "count.php" as a temporary workaround until a patch is available. Restrict access to these parameters to minimize the risk of exploitation.