CVE-2007-5984

Name of the Vulnerable Software and Affected Versions Justin Hagstrom AutoIndex PHP Script versions prior to 2.2.4

Description The issue allows remote attackers to cause a denial of service, consuming CPU and memory, by sending a %00 sequence in the dir parameter to "index.php", triggering an erroneous recursive calculation.

Recommendations For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the dir parameter in the affected endpoint until the issue is resolved.