CVE-2007-6191

Name of the Vulnerable Software and Affected Versions p.mapper version 3.2.0 beta3

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the SESSION[PM INCPHP] parameter to specific PHP files, such as incphp/globals.php or plugins/export/mc table.php.

Recommendations For p.mapper version 3.2.0 beta3, consider restricting access to the SESSION[PM INCPHP] parameter to prevent remote attackers from executing arbitrary PHP code. As a temporary workaround, consider disabling the inclusion of external PHP files until a proper fix is applied.