CVE-2007-6396

Name of the Vulnerable Software and Affected Versions Flat PHP Board versions 1.2 and earlier

Description A direct static code injection issue allows remote attackers to inject arbitrary PHP code via the username, password, and email parameters when registering a user account. This injected code can be executed by accessing the user's PHP file for the account. Similar code injection might also be possible in a user profile.

Recommendations For Flat PHP Board versions 1.2 and earlier, as a temporary workaround, consider restricting access to the user registration functionality and the affected PHP files until a fix is available. Avoid using the username, password, and email parameters in the registration process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.