PT-2007-6064 · Phportal · Phportal

Published: 2007-09-18 · Updated: 2024-08-07 · CVE-2007-4950

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPortal version 0.2.7

Description

A remote file inclusion issue in form/db_form/employee.php allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. The issue is disputed, however, because DOCUMENT_ROOT cannot be modified by an attacker.

Recommendations

For PHPortal version 0.2.7, as a temporary workaround, consider restricting access to the form/db_form/employee.php file until a patch is available. Avoid using the DOCUMENT_ROOT parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-4950

Affected Products

Phportal