PT-2007-3827 · Php · Php Turbulence

Published: 2007-05-04 · Updated: 2024-08-07 · CVE-2007-2503

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHP Turbulence version 0.0.1 alpha

Description

A directory traversal issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. This issue is disputed due to a fatal error occurring before inclusion when directly requesting the affected file.

Recommendations

For PHP Turbulence version 0.0.1 alpha, consider restricting access to the turbulence.php file to minimize the risk of exploitation. Additionally, avoid using the GLOBALS[tcore] parameter in a way that could allow directory traversal until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-2503

Affected Products

Php Turbulence