CVE-2003-1086

Name of the Vulnerable Software and Affected Versions pMachine versions 2.2 through 2.2.1 pMachine Pro versions 2.2 through 2.2.1

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the pm path parameter to reference a URL on a remote web server that contains the code. This is a result of a PHP remote file inclusion vulnerability in the pm/lib.inc.php file.

Recommendations For pMachine versions 2.2 through 2.2.1, avoid using the pm path parameter to reference external URLs until a fix is available. For pMachine Pro versions 2.2 through 2.2.1, restrict access to the pm/lib.inc.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.