CVE-2007-0167

Name of the Vulnerable Software and Affected Versions WGS-PPC (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter in various PHP files, including config admin.php, config main.php, config member.php, mysql config.php, admin.php, index.php, ipnprocess.php, registration.php, ppcbannerclick.php, and ppcclick.php.

Recommendations For all affected versions, consider restricting access to the INC parameter in the affected PHP files until a patch is available. As a temporary workaround, consider disabling the execution of PHP code in the affected files until a patch is available. Restrict access to the affected PHP files to minimize the risk of exploitation.