CVE-2007-5298

Name of the Vulnerable Software and Affected Versions: CMS Creamotion (affected versions not specified)

Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document uri] parameter to specific API endpoints: " administration/securite.php" and " administration/gestion configurations/save config.php".

Recommendations: For CMS Creamotion, consider disabling access to the administration/securite.php and administration/gestion configurations/save config.php endpoints until a patch is available. Avoid using the cfg[document uri] parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.