CVE-2007-6581

Name of the Vulnerable Software and Affected Versions Social Engine version 2.0

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global lang parameter to various PHP files, including "header album.php", "header blog.php", "header group.php", "admin header album.php", "admin header blog.php", and "admin header group.php".

Recommendations For Social Engine version 2.0, consider restricting access to the global lang parameter in the affected PHP files until a patch is available. As a temporary workaround, disable the execution of arbitrary local files through these parameters to minimize the risk of exploitation.