CVE-2007-4815

Name of the Vulnerable Software and Affected Versions: ED Engine versions 0.8999 alpha

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to various PHP files, including (1) "channeledit.php", (2) "post.php", (3) "view.php", or (4) "viewitem.php" in the "source/mod/rss/" directory.

Recommendations: For ED Engine version 0.8999 alpha, as a temporary workaround, consider restricting access to the Codebase parameter in the affected PHP files until a patch is available. Avoid using the Codebase parameter in the affected API endpoints, such as "channeledit.php", "post.php", "view.php", and "viewitem.php", until the issue is resolved.