CVE-2010-1335

Name of the Vulnerable Software and Affected Versions Insky CMS versions 006 through 0111

Description The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved by providing a URL in the ROOT parameter to various API endpoints, including "city.get/city.get.php", "city.get/index.php", "message2.send/message.send.php", "message.send/message.send.php", and "pages.add/pages.add.php" in insky/modules/.

Recommendations For Insky CMS versions 006 through 0111, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable API endpoints until a fix is available. As a temporary workaround, avoid using the ROOT parameter in the affected endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.