CVE-2007-5117

Name of the Vulnerable Software and Affected Versions FrontAccounting version 1.13

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path to root parameter to specific PHP files, such as "access/login.php" and "includes/lang/language.php", when register globals is enabled.

Recommendations For FrontAccounting version 1.13, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the "access/login.php" and "includes/lang/language.php" files until a patch is available. Avoid using the path to root parameter in these files until the issue is resolved.