CVE-2007-2458

Name of the Vulnerable Software and Affected Versions Pixaria Gallery versions prior to 1.4.3

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the cfg[sys][base path] parameter to scripts such as psg.smarty.lib.php and certain include and library scripts.

Recommendations For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the cfg[sys][base path] parameter in affected scripts until a patch is applied.