CVE-2007-2545

Name of the Vulnerable Software and Affected Versions Persism CMS versions 0.9.2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to various PHP files, including blocks/headerfile.php, files/blocks/latest files.php, filters/headerfile.php, forums/blocks/latest posts.php, groups/headerfile.php, links/blocks/links.php, menu/headerfile.php, news/blocks/latest news.php, settings/headerfile.php, and users/headerfile.php.

Recommendations For Persism CMS versions 0.9.2 and earlier, as a temporary workaround, consider restricting access to the system[path] parameter in the affected PHP files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.