W Agora · W-Agora · CVE-2007-0607
**Name of the Vulnerable Software and Affected Versions**
W-Agora (Web-Agora) version 4.2.1
**Description**
The issue allows remote attackers to obtain application path information via a direct request to the `globals.inc` file, which is stored under the web document root with insufficient access control when `register globals` is enabled.
**Recommendations**
For W-Agora (Web-Agora) version 4.2.1, consider disabling the `register globals` setting to prevent remote attackers from accessing sensitive information. Additionally, restrict access to the `globals.inc` file to minimize the risk of exploitation.