CVE-2009-3511

Name of the Vulnerable Software and Affected Versions justVisual version 1.2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the fs jVroot parameter to specific API endpoints: "sites/site/pages/index.php", "sites/test/pages/contact.php", "system/pageTemplate.php", and "system/utilities.php".

Recommendations For justVisual version 1.2, consider restricting access to the fs jVroot parameter in the affected API endpoints until a patch is available. As a temporary workaround, disable the execution of remote PHP code via the fs jVroot parameter to prevent exploitation.