CVE-2007-4485

Name of the Vulnerable Software and Affected Versions Butterfly online visitors counter version 1.08

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the SERVER[DOCUMENT ROOT] parameter, specifically in the visitor.php file. This is possible when used with certain older versions of PHP that have improper SERVER superglobal handling.

Recommendations For Butterfly online visitors counter version 1.08, consider updating PHP to a version that properly handles the SERVER superglobal to mitigate the risk of exploitation. As a temporary workaround, restrict access to the visitor.php file to minimize the risk of arbitrary PHP code execution. Avoid using the SERVER[DOCUMENT ROOT] parameter in the affected visitor.php file until the issue is resolved.