CVE-2007-5097

Name of the Vulnerable Software and Affected Versions Online Fantasy Football League (OFFL) version 0.2.6

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the DOC ROOT parameter in the lib/classes/offl nflteam.php file. However, it is noted that a FILE test protects offl nflteam.php against direct requests, which disputes the severity of this issue.

Recommendations For Online Fantasy Football League (OFFL) version 0.2.6, consider restricting access to the lib/classes/offl nflteam.php file to minimize the risk of exploitation. Avoid using the DOC ROOT parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.