CVE-2007-2185

Name of the Vulnerable Software and Affected Versions Supasite version 1.23b

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the supa[db path] parameter to various PHP files, including "common functions.php", "admin auth cookies.php", "admin mods.php", "admin news.php", "admin topics.php", "admin users.php", "admin utilities.php", "site comment.php", and "site news.php". Additionally, the supa[include path] parameter in "admin settings.php" and "backend site.php" is also vulnerable.

Recommendations For Supasite version 1.23b, consider disabling the supa[db path] and supa[include path] parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files to minimize the risk of exploitation. Avoid using the supa[db path] and supa[include path] parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.