CVE-2007-5185

Name of the Vulnerable Software and Affected Versions phpWCMS XT versions 0.0.7 BETA and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the HTML MENU DirPath parameter to specific PHP files, including (1) config HTML MENU.php and (2) config PHPLM.php in the phpwcms template/inc script/frontend render/navigation/ directory.

Recommendations For phpWCMS XT versions 0.0.7 BETA and earlier, consider restricting access to the config HTML MENU.php and config PHPLM.php files until a patch is available. Avoid using the HTML MENU DirPath parameter in the affected API endpoints until the issue is resolved.