CVE-2007-2067

Name of the Vulnerable Software and Affected Versions WebSlider version 0.6

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to various PHP files, including (1) "index.php", (2) "modules/pdf.php", (3) "plugins/highlight.php", or (4) "include/modules.php".

Recommendations For WebSlider version 0.6, consider restricting access to the path parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the path parameter in the API endpoints "index.php", "modules/pdf.php", "plugins/highlight.php", and "include/modules.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.