CVE-2007-0172

Name of the Vulnerable Software and Affected Versions AllMyGuests versions 0.3.0 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the AMG serverpath parameter to various PHP files, including "comments.php" and "signin.php", and possibly via a URL in unspecified parameters to other files such as "include/submit.inc.php", "admin/index.php", "include/cm submit.inc.php", and "index.php".

Recommendations For AllMyGuests versions 0.3.0 and earlier, consider disabling the AMG serverpath parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files, such as "comments.php", "signin.php", "include/submit.inc.php", "admin/index.php", "include/cm submit.inc.php", and "index.php", to minimize the risk of exploitation. Avoid using unspecified parameters in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.