CVE-2007-6129

Name of the Vulnerable Software and Affected Versions Amber Script version 1.0

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This can be achieved by using a .. (dot dot) in the id parameter. In certain environments, this issue can be leveraged for remote file inclusion by utilizing a UNC share pathname or a URL starting with ftp, ftps, or ssh2.sftp.

Recommendations For Amber Script version 1.0, consider restricting access to the show content.php script in the scripts/include directory until a patch is available. As a temporary workaround, avoid using the id parameter in the affected script to minimize the risk of exploitation.