CVE-2007-2364

Name of the Vulnerable Software and Affected Versions burnCMS versions 0.2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the root parameter to specific PHP files, including mysql.class.php or postgres.class.php in the lib/db/ directory, or authuser.php, misc.php, or connect.php in the lib/ directory.

Recommendations For burnCMS versions 0.2 and earlier, consider disabling access to the mysql.class.php, postgres.class.php, authuser.php, misc.php, and connect.php files until a patch is available. Restrict the use of the root parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.