PT-2007-1543 · Openpinboard · Openpinboard

Published: 2007-01-04 · Updated: 2024-08-07 · CVE-2007-0050

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OpenPinboard version 2.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the language parameter in index.php. However, it has been disputed by the developer and a third party, as the variable is set before use. There is a small time window of risk before the installation is complete.

Recommendations: For OpenPinboard version 2.0, consider restricting access to the index.php file until the issue is resolved, and ensure the language parameter is properly validated to prevent arbitrary PHP code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2007-0050

Affected Products

Openpinboard