PT-2007-6867 · Pear · Pear Mdb2

Priyadi · Published 2007-11-13 · Updated 2011-03-08 · CVE-2007-5934

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PEAR MDB2 versions prior to 2.5.0a1

Description

Remote attackers may be able to use MDB2 as an indirect proxy or obtain sensitive information by submitting a URL string in a form field of an MDB2 application, for example a file:// URL or a URL for an intranet web site.

Recommendations

Update to version 2.5.0a1 or later to resolve the issue. As a temporary workaround for versions prior to 2.5.0a1, consider restricting the interpretation of URL strings in form fields to prevent potential misuse.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2007-5934

Affected Products

Pear Mdb2