CVE-2007-2710

Name of the Vulnerable Software and Affected Versions NagiosQL versions 2.00-P00 and earlier

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter in the functions/prepend adm.php file.

Recommendations For NagiosQL versions 2.00-P00 and earlier, consider restricting access to the functions/prepend adm.php file until a patch is available. Avoid using the SETS[path][IT] parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.