CVE-2009-0441

Name of the Vulnerable Software and Affected Versions TECHNOTE version 7.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the shop this skin path parameter when register globals is enabled. This is a different vector than previously identified issues.

Recommendations For TECHNOTE version 7.2, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the skin shop/standard/2 view body/body default.php file to minimize the risk of exploitation. Avoid using the shop this skin path parameter in the affected file until the issue is resolved.