CVE-2007-2142

Name of the Vulnerable Software and Affected Versions AjPortal2Php (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to various PHP files, including "begin.inc.php", "connection.inc.php", "events.inc.php", "footer.inc.php", "header.inc.php", "menuleft.inc.php", and "pages.inc.php" in the "includes/" directory.

Recommendations As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the PagePrefix parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.