Unknown · Ajax File Browser · CVE-2007-4921
Name of the Vulnerable Software and Affected Versions:
Ajax File Browser version 3 Beta
Description:
A remote file inclusion issue in `includes/settings.inc.php` allows remote attackers to execute arbitrary PHP code by supplying a URL in the `approot` parameter.
Recommendations:
For Ajax File Browser version 3 Beta, consider restricting access to the `includes/settings.inc.php` file and validating the `approot` parameter to prevent remote file inclusion attacks. As a temporary workaround, restrict the use of the `approot` parameter until a patch is available.
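
One way to implement the `approot` validation recommended above, as an added PHP example that is not Ajax File Browser's own code: the include root is fixed server-side, a client-supplied `approot` is refused, and every included path must resolve inside the fixed root. `APP_ROOT_FIXED`, `safe_include_path()` and the sample file name are hypothetical.

```php
<?php
// Added example: hypothetical hardened handling of an include root.
// APP_ROOT_FIXED and safe_include_path() are illustrative names, not
// identifiers taken from Ajax File Browser.

// The root is fixed server-side; it is never read from $_GET, $_POST or $_REQUEST.
define('APP_ROOT_FIXED', realpath(__DIR__));

/**
 * Resolve $relative under the fixed root and return its absolute path,
 * or null if the value is a URL, names a stream wrapper, or escapes the root.
 */
function safe_include_path(string $relative): ?string
{
    // Reject anything carrying a scheme (http://, ftp://, php://, data:, ...)
    // and anything containing a NUL byte.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative) || strpos($relative, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and symlinks, and returns false for missing files.
    $resolved = realpath(APP_ROOT_FIXED . DIRECTORY_SEPARATOR . $relative);
    if ($resolved === false) {
        return null;
    }
    // The resolved file must still live inside the fixed root.
    $prefix = rtrim(APP_ROOT_FIXED, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $resolved;
}

// Refuse any request that tries to supply approot at all.
if (isset($_REQUEST['approot'])) {
    http_response_code(400);
    exit('approot may not be supplied by the client');
}

// 'lib/example.inc.php' is a constructed sample file name.
$path = safe_include_path('lib/example.inc.php');
if ($path !== null) {
    require $path;
}
```

Setting `allow_url_include = Off` in `php.ini` adds a second layer by stopping `include` and `require` from fetching URLs even if a check like this is bypassed.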