CVE-2007-6231

Name of the Vulnerable Software and Affected Versions tellmatic version 1.0.7

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the tm includepath parameter to various PHP files, including Classes.inc.php, statistic.inc.php, status.inc.php, status top x.inc.php, or libchart-1.1/libchart.php in the include/ directory. However, access to the include/ directory is typically blocked by .htaccess in deployments using Apache HTTP Server.

Recommendations For tellmatic version 1.0.7, consider restricting access to the tm includepath parameter to prevent remote file inclusion attacks. As a temporary workaround, restrict access to the include/ directory to minimize the risk of exploitation.