CVE-2006-7019

Name of the Vulnerable Software and Affected Versions phpwcms versions 1.2.5-DEV and earlier phpwcms versions 1.1 before RC4

Description The issue allows remote attackers to execute arbitrary code via crafted arguments to the text evento and email eventonome evento parameters to "phpwcms code snippets/mail file form.php" and "sample ext php/mail file form.php", which is processed by the render PHPcode function.

Recommendations For phpwcms versions 1.2.5-DEV and earlier, consider disabling the render PHPcode function until a patch is available. For phpwcms versions 1.1 before RC4, avoid using the text evento and email eventonome evento parameters in the affected API endpoints until the issue is resolved.