CVE-2007-5055

Name of the Vulnerable Software and Affected Versions iziContents versions 1 RC6 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files. This can be achieved by using a .. (dot dot) in the admin home parameter to the "/modules/poll/poll summary.php" endpoint or the rootdp parameter to the "/include/db.php" endpoint.

Recommendations For iziContents versions 1 RC6 and earlier, consider restricting access to the vulnerable modules, specifically the poll summary.php and db.php files, until a fix is available. As a temporary workaround, avoid using the admin home and rootdp parameters in the affected API endpoints.