CVE-2007-3460

Name of the Vulnerable Software and Affected Versions EVA-Web versions 1.1 through 2.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the aide or perso parameter in the index.php3 file. This can be achieved by manipulating the URL to include malicious PHP code, potentially leading to unauthorized access or data compromise.

Recommendations For EVA-Web versions 1.1 through 2.2, consider restricting access to the index.php3 file or disabling the aide and perso parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.