CVE-2007-2891

Name of the Vulnerable Software and Affected Versions FirmWorX version 0.1.2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the bank data[root] parameter to modules/bank/includes/design/main.inc.php, or the fm data[root] parameter to includes/config/master.inc.php or includes/functions/master.inc.php.

Recommendations For FirmWorX version 0.1.2, consider disabling access to the modules/bank/includes/design/main.inc.php, includes/config/master.inc.php, and includes/functions/master.inc.php files until a patch is available. Avoid using the bank data[root] and fm data[root] parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.