CVE-2007-5453

Name of the Vulnerable Software and Affected Versions: Php-Stats version 0.1.9.2

Description: The issue allows remote authenticated administrators to execute arbitrary code by injecting PHP sequences into the php-stats-options record in the options table. This is used in an eval function call by files such as admin.php, click.php, and download.php. The injection can be achieved by modifying options through a backup restore action in admin.php.

Recommendations: For Php-Stats version 0.1.9.2, consider restricting access to the admin.php file and other affected files to prevent remote authenticated administrators from exploiting the eval injection vulnerability. As a temporary workaround, avoid using the backup restore action in admin.php until a fix is available.