CVE-2007-2504

Name of the Vulnerable Software and Affected Versions PHP Turbulence version 0.0.1 alpha

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter in the user/turbulence.php file. However, this vulnerability is disputed because a direct request to user/turbulence.php triggers a fatal error before inclusion.

Recommendations For PHP Turbulence version 0.0.1 alpha, consider restricting access to the user/turbulence.php file to minimize the risk of exploitation. Additionally, avoid using the GLOBALS[tcore] parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.