CVE-2007-5840

Name of the Vulnerable Software and Affected Versions SyndeoCMS version 2.5.01

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter. This is a different vector than previously identified issues.

Recommendations For SyndeoCMS version 2.5.01, consider restricting access to the main.inc.php file in the starnet/themes/c-sky directory to minimize the risk of exploitation. Avoid using the cmsdir parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.