CVE-2010-1266

Name of the Vulnerable Software and Affected Versions WebMaid CMS versions 0.2-6 Beta and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in various parameters, including template, menu, events, and SITEROOT parameters to template/babyweb/index.php, modules and copyright parameters to template/calm/footer.php, menu parameter to template/calm/top.php, and modules, copyright, and menu parameters to template/wm025/footer.php.

Recommendations For WebMaid CMS versions 0.2-6 Beta and earlier, consider disabling the template/babyweb/index.php, template/calm/footer.php, template/calm/top.php, and template/wm025/footer.php templates until a patch is available. Restrict access to the modules, copyright, menu, template, events, and SITEROOT parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.