CVE-2008-7034

Name of the Vulnerable Software and Affected Versions PHPEcho CMS version 2.0 rc3

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the smarty compile path variable in the fetch function. This is a result of a PHP remote file inclusion vulnerability in the kernel/smarty/Smarty.class.php file.

Recommendations For PHPEcho CMS version 2.0 rc3, consider restricting access to the fetch function until a patch is available, and avoid using the smarty compile path variable in unspecified vectors to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.