CVE-2007-4809

Name of the Vulnerable Software and Affected Versions: Online Fantasy Football League (OFFL) version 0.2.6

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the DOC ROOT parameter to specific PHP files, such as lib/functions.php or lib/header.php.

Recommendations: For Online Fantasy Football League (OFFL) version 0.2.6, consider restricting access to the lib/functions.php and lib/header.php files to minimize the risk of exploitation. Avoid using the DOC ROOT parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.