CVE-2009-0513

Name of the Vulnerable Software and Affected Versions WebFrame version 0.76

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to specific PHP files, including (1) 'admin/doc/index.php', (2) 'index.php', and (3) 'base/menu.php' in the 'mod/' directory.

Recommendations For WebFrame version 0.76, consider restricting access to the classFiles parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the classFiles parameter in the specified API endpoints.