CVE-2007-4636

Name of the Vulnerable Software and Affected Versions phpBG version 0.9.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to various PHP files, including (1) 'intern/admin/other/backup.php', (2) 'intern/admin/', (3) 'intern/clan/member add.php', (4) 'intern/config/key 2.php', or (5) 'intern/config/forum.php'.

Recommendations For phpBG version 0.9.1, as a temporary workaround, consider restricting access to the rootdir parameter in the affected PHP files until a patch is available. Avoid using the rootdir parameter in the specified API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.