CVE-2007-5054

Name of the Vulnerable Software and Affected Versions iziContents versions 1 RC6 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to several API endpoints, including "search/search.php", "poll/inlinepoll.php", "poll/showpoll.php", "links/showlinks.php", or "links/submit links.php" in modules/.

Recommendations For iziContents versions 1 RC6 and earlier, as a temporary workaround, consider restricting access to the gsLanguage parameter in the affected API endpoints until a patch is available. Avoid using the gsLanguage parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.