PT-2007-3780 · Pinnacle Systems · Firefly

Alkomandoz Hacker

Published: 2007-05-02 · Updated: 2017-10-11 · CVE-2007-2456

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

FireFly version 1.1.01

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the doc root parameter to specific PHP files, including localize.php and config.php in modules/admin/include/.

Recommendations

For FireFly version 1.1.01, consider restricting access to the localize.php and config.php files in the modules/admin/include/ directory to minimize the risk of exploitation. Avoid using the doc root parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

CVE-2007-2456

Affected products

Firefly