CVE-2010-1216

Name of the Vulnerable Software and Affected Versions notsoPureEdit versions 1.4.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the content parameter when register globals is enabled. This is related to a remote file inclusion vulnerability in the templates/template.php file.

Recommendations For notsoPureEdit versions 1.4.1 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the templates/template.php file to minimize the risk of arbitrary PHP code execution. Avoid using the content parameter in URLs for the affected template.php file until the issue is resolved.