CVE-2007-5416

Name of the Vulnerable Software and Affected Versions: Drupal versions prior to 5.2

Description: The issue allows remote attackers to execute arbitrary PHP code by invoking the drupal eval function through a callback parameter to the default URI. This can be achieved by including a numeric parameter with a value matching an alphanumeric parameter's hash value in the input data. For example, this can be demonstrated by the menu[callbacks][1][callback] parameter.

Recommendations: For versions prior to 5.2, consider disabling the drupal eval function as a temporary workaround until a proper fix is applied. Restrict access to the default URI to minimize the risk of exploitation. Avoid using the menu[callbacks][1][callback] parameter in the affected URI until the issue is resolved.