CVE-2007-6550

Name of the Vulnerable Software and Affected Versions PMOS Help Desk versions 2.4 and earlier

Description The issue allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter in the form.php file. This is possible because form.php sends a redirect to the web browser but does not exit.

Recommendations For PMOS Help Desk versions 2.4 and earlier, consider disabling the form.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the options array parameter in the form.php file to minimize the risk of exploitation.