CVE-2007-5216

Name of the Vulnerable Software and Affected Versions e-Ark version 1.0

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the cfg vcard path parameter to "src/vcard inc.php" or the cfg phpmailer path parameter to "src/email inc.php".

Recommendations For e-Ark version 1.0, consider restricting access to the src/vcard inc.php and src/email inc.php files to minimize the risk of exploitation. Avoid using the cfg vcard path and cfg phpmailer path parameters in the affected API endpoints until the issue is resolved.