CVE-2007-2816

Name of the Vulnerable Software and Affected Versions ol'bookmarks version 0.7.4

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the root parameter to various PHP files in the themes/ directory, including (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1 top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1 left.php, and (13) frames1 center.php.

Recommendations For ol'bookmarks version 0.7.4, consider disabling access to the vulnerable PHP files in the themes/ directory until a patch is available. Restrict access to the root parameter to minimize the risk of exploitation.