CVE-2007-1053

Name of the Vulnerable Software and Affected Versions: phpXmms version 1.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) "phpxmmsb.php" or (2) "phpxmmst.php". However, a reliable third party has disputed this, stating that the tcmdp variable is initialized by config.php.

Recommendations: For phpXmms version 1.0, consider restricting access to the "phpxmmsb.php" and "phpxmmst.php" files until the issue is resolved. As a temporary workaround, avoid using the tcmdp parameter in these files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.