CVE-2009-4472

Name of the Vulnerable Software and Affected Versions PHPope versions 1.0.0 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the following parameters: GLOBALS[config][dir][plugins] to "plugins/address/admin/index.php", GLOBALS[config][dir][functions] to "plugins/im/compose.php", and GLOBALS[config][dir][classes] to "plugins/cssedit/admin/index.php".

Recommendations For PHPope versions 1.0.0 and earlier, consider disabling access to the affected plugins, specifically the plugins/address/admin/index.php, plugins/im/compose.php, and plugins/cssedit/admin/index.php endpoints, until a patch is available. Restrict the use of the GLOBALS[config][dir][plugins], GLOBALS[config][dir][functions], and GLOBALS[config][dir][classes] parameters to minimize the risk of exploitation.