CVE-2005-1054

Name of the Vulnerable Software and Affected Versions ModernBill versions 4.3.0 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter in the news.php file to reference a URL on a remote web server that contains the code. This can be done by accessing the /news.php endpoint and manipulating the DIR parameter to point to a malicious PHP script hosted on a remote server.

Recommendations For ModernBill versions 4.3.0 and earlier, update to a version later than 4.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the news.php file and limiting the ability to modify the DIR parameter to prevent remote code execution.