CVE-2007-5307

Name of the Vulnerable Software and Affected Versions: ELSEIF CMS version 0.6

Description: The issue arises when input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code. This can be achieved by uploading a .php file via the "externe/swfupload/upload.php" endpoint.

Recommendations: For ELSEIF CMS version 0.6, consider restricting access to the "externe/swfupload/upload.php" endpoint to prevent uploading of malicious .php files until a proper fix is applied. Additionally, as a temporary workaround, consider implementing input validation to prevent numeric parameters from matching alphanumeric parameter hash values.