CVE-2007-4934

Name of the Vulnerable Software and Affected Versions: phpFFL version 1.24

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the PHPFFL FILE ROOT parameter to specific API endpoints, such as "program files/livedraft/livedraft.php" or "program files/livedraft/admin.php".

Recommendations: For phpFFL version 1.24, consider restricting access to the livedraft.php and admin.php files in the program files/livedraft directory to minimize the risk of exploitation. Avoid using the PHPFFL FILE ROOT parameter with untrusted input until the issue is resolved.