PT-2007-4199 · Navboard · Navboard

Dj7Xpl · Published 2007-05-30 · Updated 2017-10-11 · CVE-2007-2899

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NavBoard version 2.6.0

Description

A direct static code injection issue exists that allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters. This is demonstrated through the threadperpage parameter in an editconfig action.

Recommendations

For NavBoard version 2.6.0, consider restricting access to the admin config.php file and avoiding use of the threadperpage parameter in the editconfig action until a patch is available. As a temporary workaround, restrict modifications to the data/config.php file to prevent arbitrary code injection.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-2899

Affected Products

Navboard