CVE-2007-2097

Name of the Vulnerable Software and Affected Versions OpenConcept Back-End CMS version 0.4.7

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the includes path parameter to various PHP files, including "click.php" and "pollcollector.php" in the htdocs directory, and multiple files in the htdocs/site-admin directory, such as "index.php", "articlepages.php", and "upload.php".

Recommendations For OpenConcept Back-End CMS version 0.4.7, consider restricting access to the includes path parameter in the affected PHP files until a patch is available. As a temporary workaround, define the $includes path variable before use to prevent remote file inclusion attacks.