CVE-2007-4834

Name of the Vulnerable Software and Affected Versions: phpRealty version 0.02

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the MGR parameter to specific API endpoints, including /index.php, /p ins.php, and /u ins.php in the manager/admin/ directory.

Recommendations: For phpRealty version 0.02, consider restricting access to the manager/admin/ directory and its associated API endpoints, such as /index.php, /p ins.php, and /u ins.php, to minimize the risk of exploitation. Avoid using the MGR parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.