CVE-2007-5163

Name of the Vulnerable Software and Affected Versions Nexty version 1.01.A Beta

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter in the includes/functions/layout.php file. This is disputed because the applicable include is in a function that is not called on a direct request.

Recommendations For Nexty version 1.01.A Beta, as a temporary workaround, consider restricting access to the includes/functions/layout.php file or disabling the functionality that uses the rel parameter until a patch is available. Avoid using the rel parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.