CVE-2007-2084

Name of the Vulnerable Software and Affected Versions MobilePublisherphp version 1.1.2

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the auth method parameter to various PHP files in the admin directory, including "index.php", "list.php", "postreview.php", "reindex.php", "sections.php", "templates.php", "userinfo.php", "users.php", and "view.php". However, this issue has been disputed by a reliable third party, who claims that the $auth method variable is defined before use.

Recommendations For MobilePublisherphp version 1.1.2, as a temporary workaround, consider restricting access to the auth method parameter in the affected PHP files until the issue is resolved. Additionally, restrict access to the admin directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.