CVE-2007-3085

Name of the Vulnerable Software and Affected Versions: PBSite versions (affected versions not specified)

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter to various PHP files, including "useronline.php", "ucp.php", "setcookie.php", "sendpm.php", "search.php", "register.php", "profile.php", "post.php", "pmpshow.php", "pm.php", "ntopic.php", "nreply.php", "news.php", "memberslist.php", "logout.php", "login.php", "index.php", "help.php", "forum.php", "error.php", "editpost.php", "delpost.php", "delpm.php", "confirm.php", "board.php", "admin2.php", "admin.php", or "templates/pb/css/formstyles.php". Additionally, the temppath parameter in several of these files is also vulnerable.

Recommendations: As a temporary workaround, consider disabling the dbpath and temppath parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files to minimize the risk of exploitation. Avoid using the dbpath and temppath parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.