CVE-2007-2569

Name of the Vulnerable Software and Affected Versions Friendly versions 1.0d1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the friendly path parameter to various PHP files, including (1) core/data/yaml.inc.php, or load.php in (2) core/data/, (3) core/display/, or (4) core/support/.

Recommendations For Friendly versions 1.0d1 and earlier, consider restricting access to the friendly path parameter in the affected PHP files until a patch is available. As a temporary workaround, consider disabling the execution of PHP code in the core/data/, core/display/, and core/support/ directories to minimize the risk of exploitation. Avoid using the friendly path parameter in the affected API endpoints until the issue is resolved.