Awebnews · Awebnews · CVE-2007-1247
**Name of the Vulnerable Software and Affected Versions**
aWebNews version 1.5
**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path to news` parameter to specific PHP files, including "listing.php" and "visview.php" API endpoints.
**Recommendations**
For aWebNews version 1.5, consider restricting access to the `listing.php` and `visview.php` files until a patch is available, and avoid using the `path to news` parameter in these API endpoints to minimize the risk of exploitation.