CVE-2007-4948

Name of the Vulnerable Software and Affected Versions Webmedia Explorer version 3.2.2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters, including path include to includes/rss.class.php, path template to templates/main.tpl.php or templates/folder messages link message name.tpl.php, and path templates to templates/sidebar.tpl.php. The vulnerability is only present if the administrator fails to follow installation instructions regarding .htaccess support.

Recommendations For Webmedia Explorer version 3.2.2, ensure that the administrator follows the installation instructions about the requirement for .htaccess support to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable parameters path include, path template, and path templates until the issue is resolved.