CVE-2007-3963

Name of the Vulnerable Software and Affected Versions: UseBB versions 1.0.7 and possibly other 1.0.x versions

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO (PHP SELF) to specific PHP files in the install/ directory, including (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php.

Recommendations: For UseBB version 1.0.7, consider restricting access to the install/ directory until a fix is available. For other potentially affected 1.0.x versions, restrict access to the install/ directory and its files, specifically upgrade-0-2-3.php, upgrade-0-3.php, and upgrade-0-4.php, to minimize the risk of exploitation.