CVE-2007-5308

Name of the Vulnerable Software and Affected Versions: PHP Homepage M (phpHPm) version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the id parameter in a 'show' action when magic quotes gpc is disabled.

Recommendations: For PHP Homepage M (phpHPm) version 1.0, consider disabling the galerie.php script until a patch is available, or enable magic quotes gpc to mitigate the risk of SQL injection attacks. Avoid using the id parameter in the 'show' action until the issue is resolved.