CVE-2009-3506

Name of the Vulnerable Software and Affected Versions CMSphp version 0.21

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the cook user parameter to "index.php" or the name parameter to "modules.php".

Recommendations For CMSphp version 0.21, avoid using the cook user parameter in the "index.php" endpoint and the name parameter in the "modules.php" endpoint until the issue is resolved. Consider restricting access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.