PT-2007-3554 · Dmcms · Dmcms

Published: 2007-04-24 · Updated: 2018-10-16 · CVE-2007-2214

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

DmCMS (affected versions not specified)

Description

The issue concerns an unrestricted file upload vulnerability. It allows remote attackers to upload arbitrary PHP scripts. This can be achieved by placing a script's contents in both the File2 and File3 parameters and sending a request to the "ok.php?do=act" endpoint with a specific Referer.

Recommendations

As a temporary workaround, consider restricting access to the includes/upload file.php script until a patch is available. Avoid using the File2 and File3 parameters in the affected endpoint until the issue is resolved. Restrict the upload of PHP files to prevent arbitrary script execution.


Related Identifiers

CVE-2007-2214

Affected Products

Dmcms