CVE-2007-0551

Name of the Vulnerable Software and Affected Versions CMSimple version 2.7

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the pth[file][config] and pth[file][image] parameters.

Recommendations For CMSimple version 2.7, consider restricting access to the cms.php file until a patch is available. As a temporary workaround, avoid using the pth[file][config] and pth[file][image] parameters in the affected API endpoint until the issue is resolved.