CVE-2007-4606

Name of the Vulnerable Software and Affected Versions PHPNuke-Clan (PNC) versions 4.2.0 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the vwar root parameter. This is a different vector than previously identified issues. It is possible that this issue stems from a problem in VWar itself.

Recommendations For PHPNuke-Clan (PNC) versions 4.2.0 and earlier, consider restricting access to the convert/mvcw conver.php file in the Virtual War (VWar) module until a patch is available. As a temporary workaround, avoid using the vwar root parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.