CVE-2007-5114

Name of the Vulnerable Software and Affected Versions phpmyProfiler version 0.9.6b

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the pmp rel path parameter in the include/plugin/block.t.php file. This is due to a remote file inclusion vulnerability. Note that this issue is disputed because the applicable require once is in a function that is not called on a direct request.

Recommendations For phpmyProfiler version 0.9.6b, as a temporary workaround, consider restricting access to the pmp rel path parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.