CVE-2006-7018

Name of the Vulnerable Software and Affected Versions phpwcms versions 1.2.5-DEV and earlier phpwcms versions 1.1 before RC4

Description The issue allows remote attackers to execute arbitrary code via a crafted argument to the nome evento parameter to "phpwcms code snippets/mail file form.php" and "sample ext php/mail file form.php", which is processed by the render PHPcode function.

Recommendations For phpwcms versions 1.2.5-DEV and earlier, update to a version later than 1.2.5-DEV to resolve the issue. For phpwcms versions 1.1 before RC4, update to version 1.1 RC4 or later to resolve the issue. As a temporary workaround, consider restricting access to the nome evento parameter in the affected API endpoints until a patch is available.