CVE-2007-4947

Name of the Vulnerable Software and Affected Versions myphpPagetool version 0.4.3

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to various PHP files, including "help1.php", "help2.php", "help3.php", "help4.php", "help5.php", "help6.php", "help7.php", "help8.php", "help9.php", or "index.php" in the "doc/admin/" directory.

Recommendations For myphpPagetool version 0.4.3, consider disabling the ptinclude parameter in the affected PHP files until a patch is available. Restrict access to the "doc/admin/" directory to minimize the risk of exploitation. Avoid using the ptinclude parameter in the affected API endpoints until the issue is resolved.