PT-2007-3002 · Php · Php Db Designer

Gold_M · Published 2007-03-23 · Updated 2017-10-11 · CVE-2007-1620

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: PHP DB Designer versions 1.02 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the SESSION[SITE PATH] parameter to "wind/help.php" or "wind/about.php", or via the SESSION[DRIVER] parameter to "db/session.php".

Recommendations: For PHP DB Designer versions 1.02 and earlier, as a temporary workaround, consider restricting access to the "wind/help.php", "wind/about.php", and "db/session.php" files until a patch is available. Avoid using the SESSION[SITE PATH] and SESSION[DRIVER] parameters in the affected endpoints until the issue is resolved.
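As an added illustration that is not PHP DB Designer's own code, the PHP below shows the pattern the description refers to (an include path assembled from a SESSION[...] value that request data could populate in the register_globals era) next to a hardened replacement that takes the base path from configuration, allowlists the page name and confirms the resolved file sits under the expected directory. The constant SITE_PATH, the files help_content.php and about_content.php, and the `page` query parameter are assumptions made for this example.

```php
<?php
// Added example (not PHP DB Designer's code). File and constant names are
// hypothetical; the checks are the ones a defender would want in place.

// --- Vulnerable pattern (for illustration) ---------------------------------
// With register_globals enabled (the default on PHP 4 and early PHP 5), a
// request parameter named SESSION[SITE_PATH] populates a global $SESSION
// array before the script runs, so the include path is request-controlled.
// If allow_url_include is also on, that path may be a remote URL.
function vulnerable_include_path(array $session): string
{
    return $session['SITE_PATH'] . '/help_content.php';
}

// --- Hardened replacement --------------------------------------------------
// 1. The base path is a constant from configuration, never request or
//    session data.
// 2. The requested page is matched against an allowlist of known files.
// 3. The resolved path must sit under the base directory; realpath() returns
//    false for URL wrappers and non-existent files, and the prefix check
//    rejects anything that resolved elsewhere (e.g. via a symlink).
// Recommended php.ini settings alongside this code:
//   register_globals = Off   (removed entirely in PHP 5.4)
//   allow_url_include = Off
//   allow_url_fopen = Off    (unless the application needs it)
define('SITE_PATH', __DIR__);   // assumed configuration value, set per deployment

const ALLOWED_PAGES = [
    'help'  => 'help_content.php',
    'about' => 'about_content.php',
];

function safe_include_path(string $page): ?string
{
    if (!array_key_exists($page, ALLOWED_PAGES)) {
        return null;                       // unknown page name: refuse
    }
    $base      = realpath(SITE_PATH);
    $candidate = realpath(SITE_PATH . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$page]);
    if ($base === false || $candidate === false) {
        return null;                       // missing file or unresolvable path
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                       // resolved outside the base directory
    }
    return $candidate;
}

// Usage: only include a path that passed every check.
$page = isset($_GET['page']) ? (string) $_GET['page'] : 'help';
$path = safe_include_path($page);
if ($path === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $path;
```

The allowlist alone already removes request control over the include target; the realpath() prefix check is kept as a second layer so that a misconfigured SITE_PATH or a stray symlink still cannot pull in a file from outside the application directory.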


Related Identifiers

CVE-2007-1620

Affected Products

Php Db Designer