CVE-2010-2341

Name of the Vulnerable Software and Affected Versions EZPX Photoblog version 1.2 beta

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the tpl base dir parameter in the system/application/views/public/commentform.php file.

Recommendations For EZPX Photoblog version 1.2 beta, avoid using the tpl base dir parameter in the affected file until the issue is resolved. Restrict access to the system/application/views/public/commentform.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.