PT-2007-1957 · Unknown · Upload-Service

Ahmad Muammar W.K +1 · Published 2007-01-25 · Updated 2018-10-16 · CVE-2007-0497

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Upload-Service version 1.0

Description

A PHP remote file inclusion vulnerability in the upload/top.php file allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter when register_globals is enabled.

Recommendations

For Upload-Service version 1.0, consider disabling the register_globals setting to prevent exploitation, and restrict access to the upload/top.php file until a patch is available. As a temporary workaround, avoid using the maindir parameter in the affected file until the issue is resolved.
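
To check whether the condition described above has been requested against a deployment, the following added example (not part of the original advisory or of Upload-Service) scans web server access logs for requests to upload/top.php whose maindir query parameter carries a URL. The log format (common/combined), the sample lines, the addresses and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; addresses and hosts are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/2007:10:00:01 +0000] "GET /upload/top.php HTTP/1.1" 200 512
192.0.2.11 - - [25/Jan/2007:10:00:05 +0000] "GET /upload/top.php?maindir=http%3A%2F%2Fremote.example%2Fx%3F HTTP/1.1" 200 90
192.0.2.12 - - [25/Jan/2007:10:00:09 +0000] "GET /upload/top.php?maindir=files HTTP/1.1" 200 512
192.0.2.13 - - [25/Jan/2007:10:00:12 +0000] "GET /index.php?maindir=ftp://remote.example/ HTTP/1.1" 200 40
192.0.2.14 - - [25/Jan/2007:10:00:20 +0000] "GET /site/upload/top.php?x=1&maindir=%20HTTPS://remote.example/a HTTP/1.1" 200 77
"""

# client address, then the request target from the quoted request line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
# any "scheme://" prefix, tolerating leading whitespace and mixed case
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)


def find_maindir_url_requests(log_text):
    """Return (client, decoded maindir value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable access-log line
        client, target = match.groups()
        parts = urlsplit(target)
        # Match the affected script wherever the application is installed.
        if not parts.path.lower().endswith("/upload/top.php"):
            continue
        # parse_qs percent-decodes values, so encoded URLs are caught too.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("maindir", []):
            if SCHEME_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_maindir_url_requests(SAMPLE_LOG):
        print(f"{client} requested upload/top.php with maindir={value!r}")
```

With register_globals enabled, PHP also populates variables from POST and cookie data, which access logs normally do not record, so an empty result from this check does not rule out abuse.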


Related Identifiers

CVE-2007-0497

Affected Products

Upload-Service