CVE-2007-0487

Name of the Vulnerable Software and Affected Versions FreeForum version 0.9.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter in the index.php file. However, this issue has been disputed by third-party researchers, stating that the fpath variable is initialized before being used.

Recommendations For FreeForum version 0.9.0, consider restricting access to the fpath parameter in the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.