CVE-2007-2609

Name of the Vulnerable Software and Affected Versions gnuedu version 1.3b2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in specific parameters. The vulnerable parameters include ETCDIR in files such as lom.php, lom update.php, check-lom.php, weigh keywords.php, and web/lom.php, and LIBSDIR in files like logout.php, help.php, index.php, and login.php.

Recommendations For gnuedu version 1.3b2, consider disabling the ETCDIR and LIBSDIR parameters in the affected files until a patch is available. Restrict access to the vulnerable scripts in the scripts/ directory and the web/ directory to minimize the risk of exploitation. Avoid using the ETCDIR and LIBSDIR parameters in the affected API endpoints until the issue is resolved.