CVE-2007-6147

Name of the Vulnerable Software and Affected Versions IAPR COMMENCE version 1.3

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the php root path and sometimes the privilege root path parameter to various PHP scripts under multiple directories, including admin/includes/, admin/phase/, includes/, includes/page includes/, reviewer/includes/, reviewer/phase/, and user/phase/.

Recommendations For IAPR COMMENCE version 1.3, as a temporary workaround, consider restricting access to the vulnerable PHP scripts under the mentioned directories until a patch is available. Avoid using the php root path and privilege root path parameters in the affected scripts to minimize the risk of exploitation.