CVE-2007-5166

Name of the Vulnerable Software and Affected Versions SiteSys version 1.0a

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the doc root parameter to specific PHP files, including "inc/pagehead.inc.php" and "inc/pageinit.inc.php".

Recommendations For SiteSys version 1.0a, consider restricting access to the inc/pagehead.inc.php and inc/pageinit.inc.php files to minimize the risk of exploitation. Avoid using the doc root parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.