CVE-2007-3297

Name of the Vulnerable Software and Affected Versions Musoo version 0.21

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini array][EXTLIB PATH] parameter to specific PHP files, including (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.

Recommendations For Musoo version 0.21, consider restricting access to the msDb.php, modules/MusooTemplateLite.php, and modules/SoundImporter.php files to minimize the risk of exploitation. Avoid using the GLOBALS[ini array][EXTLIB PATH] parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.