Microsoft Groove Server 2007 Service Pack 2 is installed Microsoft Office Compatibility Pack SP3 is installed Microsoft Office Compatibility Pack SP2 is installed Microsoft Expression Web SP1 is installed Microsoft Office SharePoint Server 2007 SP3 is installed Microsoft Office SharePoint Server 2007 SP2 is installed Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables. In extreme cases, the attacker can change variables controlling the business logic of the application. An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization.
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth).