CVE-2010-2145

Name of the Vulnerable Software and Affected Versions ClearSite versions prior to the fixed version, possibly including Beta 4.50

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cs base path parameter to API endpoints such as "docs.php" and "include/admin/device admin.php". This may be due to a variable extraction error.

Recommendations For ClearSite Beta 4.50 and possibly other affected versions, consider restricting access to the docs.php and include/admin/device admin.php API endpoints until a patch is available. Avoid using the cs base path parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.