PT-2007-6121 · Streamline · Streamline Php Media Server

Bingza · Published 2007-09-20 · Updated 2017-09-29 · CVE-2007-5015

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Streamline PHP Media Server version 1.0-beta4

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to various PHP files, including 'admin_footer.php', 'info_footer.php', 'theme_footer.php', 'browse_footer.php', 'account_footer.php', and 'search_footer.php' in 'core/theme/includes/'. This vulnerability is only present if the administrator does not follow installation instructions regarding the requirement for .htaccess Limit support.

Recommendations

For Streamline PHP Media Server version 1.0-beta4, as a temporary workaround, consider restricting access to the sl_theme_unix_path parameter in the affected PHP files until a patch is available. Ensure that the administrator follows the installation instructions about the requirement for .htaccess Limit support to mitigate the risk of exploitation.
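To check whether the restriction described above is actually in force, web server logs can be reviewed for direct requests to the affected include files. The following is an added example, not part of the advisory or the product: it assumes Apache common/combined log format, writes the parameter and file names with underscores, and uses constructed log lines with documentation-range addresses.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameter named in the advisory.
FOOTERS = {"admin", "info", "theme", "browse", "account", "search"}
PATH_RE = re.compile(r"/core/theme/includes/(\w+)_footer\.php$", re.I)
PARAM = "sl_theme_unix_path"
# A scheme prefix or UNC-style value means the "path" is not a local theme directory.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
# Assumed log layout (common/combined): client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

def classify(line):
    """Return None, or (client, script, severity) for a request worth triage."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    pm = PATH_RE.search(url.path)
    if not pm or pm.group(1).lower() not in FOOTERS:
        return None
    script = pm.group(1).lower() + "_footer.php"
    # parse_qsl percent-decodes, so an encoded scheme (http%3A%2F%2F) is caught too.
    values = [v for k, v in parse_qsl(url.query, keep_blank_values=True) if k == PARAM]
    if any(REMOTE_RE.match(v) for v in values):
        # Assumption: a correctly restricted include directory answers non-200.
        return (client, script, "high" if status == "200" else "blocked")
    # A direct 200 on an include file suggests the access restriction is missing.
    return (client, script, "info") if status == "200" else None

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [20/Sep/2007:10:01:02 +0000] "GET /media/core/theme/includes/admin_footer.php?sl_theme_unix_path=http%3A%2F%2Fhost.example.invalid%2Fa HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Sep/2007:10:01:05 +0000] "GET /media/core/theme/includes/search_footer.php?sl_theme_unix_path=ftp://host.example.invalid/a HTTP/1.1" 403 199',
    '198.51.100.4 - - [20/Sep/2007:10:02:00 +0000] "GET /media/index.php?page=browse HTTP/1.1" 200 4096',
    '198.51.100.9 - - [20/Sep/2007:10:03:00 +0000] "GET /media/core/theme/includes/info_footer.php HTTP/1.1" 200 87',
]

def findings(lines=SAMPLE):
    """Classify every line and keep only the ones that need attention."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in findings():
        print(hit)
```

A "high" result means the include file answered a request carrying a remote-looking value and the host should be treated as needing incident review; "info" means the directory is reachable and the installation instructions were likely not followed.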

Exploit

Fix

RCE

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2007-5015

Affected Products

Streamline Php Media Server