CVE-2007-2939

Name of the Vulnerable Software and Affected Versions Mazen's PHP Chat version 3.0.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to specific PHP files, including (1) ITX.php, (2) IT Error.php, or (3) IT.php in the include/pear/ directory.

Recommendations For Mazen's PHP Chat version 3.0.0, consider restricting access to the include/pear/ directory to minimize the risk of exploitation. As a temporary workaround, avoid using the basepath parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.