CVE-2007-5802

Name of the Vulnerable Software and Affected Versions Firewolf Technologies Synergiser versions 1.2 RC1 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter of the index.php file. This can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.

Recommendations For Firewolf Technologies Synergiser versions 1.2 RC1 and earlier, consider restricting access to the index.php file until a fix is available. As a temporary workaround, avoid using the page parameter in the index.php file to minimize the risk of exploitation.