PT-2007-1298 · Phpcms · Phpcms

Bugreporter

Published

2007-02-15

Updated

2017-07-29

CVE-2006-7019

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpwcms versions 1.2.5-DEV and earlier phpwcms versions 1.1 before RC4

Description The issue allows remote attackers to execute arbitrary code via crafted arguments to the text evento and email eventonome evento parameters to "phpwcms code snippets/mail file form.php" and "sample ext php/mail file form.php", which is processed by the render PHPcode function.

Recommendations For phpwcms versions 1.2.5-DEV and earlier, consider disabling the render PHPcode function until a patch is available. For phpwcms versions 1.1 before RC4, avoid using the text evento and email eventonome evento parameters in the affected API endpoints until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-7019

Affected Products

Phpcms

PT-2007-1298 · Phpcms · Phpcms

CVE-2006-7019

Related Identifiers

Affected Products

References · 6