CVE-2005-2685

Name of the Vulnerable Software and Affected Versions SaveWebPortal version 3.4

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by making a direct request to the "admin/PhpMyExplorer/editerfichier.php" endpoint, then editing the desired file to contain the PHP code. For example, using the fichier parameter with a value such as "header.php" can demonstrate this exploit. It is noted that this vulnerability might stem from PhpMyExplorer, which is a separate package.

Recommendations For SaveWebPortal version 3.4, consider restricting access to the "admin/PhpMyExplorer/editerfichier.php" endpoint until a patch is available. As a temporary workaround, avoid using the fichier parameter in the affected endpoint to minimize the risk of exploitation.