Weatimages · Weatimages · CVE-2007-1999
**Name of the Vulnerable Software and Affected Versions**
Weatimages versions 1.7.1 and earlier
**Description**
The issue allows remote attackers to execute arbitrary PHP code when the weatimages.ini file is missing. This is achieved via a URL in the `ini[langpack]` parameter.
**Recommendations**
For Weatimages versions 1.7.1 and earlier, ensure the weatimages.ini file is present to prevent exploitation. As a temporary workaround, consider restricting access to the index.php file until a fix is applied. Avoid using the `ini[langpack]` parameter in the affected API endpoint until the issue is resolved.