PT-2007-5696 · Spip · Spip

Published: 2007-08-25 · Updated: 2024-08-07 · CVE-2007-4525

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SPIP version 1.7.2

Description: A remote file inclusion issue in SPIP allows remote attackers to potentially execute arbitrary PHP code. The issue is related to the squelette cache parameter in the inc-calcul.php3 file. However, it has been disputed by third-party researchers, who claim that the squelette cache variable is initialized before use and is only used within the scope of a function.

Recommendations: For SPIP version 1.7.2, consider restricting access to the inc-calcul.php3 file until a patch is available. As a temporary workaround, avoid using the squelette cache parameter in the affected file to minimize the risk of exploitation.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-4525

Affected Products

Spip