CVE-2007-4935

Name of the Vulnerable Software and Affected Versions: phpFFL version 1.24

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PHPFFL FILE ROOT parameter to various PHP files, including "admin.php", "custom pages.php", "draft.php", "faq.php", "leagues.php", "livedraft.php", "login.php", "my team.php", "profile.php", "signup.php", "statistics.php", "transactions.php", "program files/admin/custom pages.php", and "program files/common.php".

Recommendations: For phpFFL version 1.24, consider restricting access to the PHPFFL FILE ROOT parameter in the affected PHP files to minimize the risk of exploitation. As a temporary workaround, avoid using the PHPFFL FILE ROOT parameter in the specified API endpoints until the issue is resolved.