PT-2007-7211 · Viart · Viart Shop Free+3

Romancyxhacker · Published 2007-12-13 · Updated 2017-10-19 · CVE-2007-6347

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ViArt CMS version 3.3.2
ViArt HelpDesk version 3.3.2
ViArt Shop Evaluation version 3.3.2
ViArt Shop Free version 3.3.2

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter in the blocks/block_site_map.php file.

Recommendations

For ViArt CMS version 3.3.2, avoid using the root_folder_path parameter in the affected API endpoint until the issue is resolved.
For ViArt HelpDesk version 3.3.2, restrict access to the blocks/block_site_map.php file to minimize the risk of exploitation.
For ViArt Shop Evaluation version 3.3.2, consider disabling the execution of PHP code in the blocks/block_site_map.php file as a temporary workaround.
For ViArt Shop Free version 3.3.2, restrict access to the root_folder_path parameter in the blocks/block_site_map.php file to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2007-6347

Affected products

Viart Cms
Viart Helpdesk
Viart Shop Evaluation
Viart Shop Free