CVE-2008-2686

Name of the Vulnerable Software and Affected Versions Flux CMS version 1.5.0 and earlier

Description The issue allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.

Recommendations For Flux CMS version 1.5.0 and earlier, update to a version later than 1.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the webinc/bxe/scripts/loadsave.php file to minimize the risk of exploitation. Avoid using the XML parameter in the affected API endpoint until the issue is resolved.