CVE-2008-0572

Name of the Vulnerable Software and Affected Versions Mindmeld version 1.2.0.10

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the MM GLOBALS[home] parameter to several PHP files, including (1) acweb/admin index.php, (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in the include/ directory.

Recommendations For Mindmeld version 1.2.0.10, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the MM GLOBALS[home] parameter in the affected API endpoints. Restrict access to the include/ directory to minimize the risk of exploitation.