CVE-2008-1917

Name of the Vulnerable Software and Affected Versions AMFPHP version 1.2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the class parameter to various PHP files, including 'methodTable.php', 'code.php', and 'details.php' in the 'browser/' directory, as well as the location parameter to 'browser/code.php'.

Recommendations For AMFPHP version 1.2, consider restricting access to the class and location parameters in the affected PHP files until a patch is available. As a temporary workaround, disabling the execution of user-supplied input in the class and location parameters can help minimize the risk of exploitation.