PT-2007-2155 · Phpeventman · Phpeventman
Mehmet Ince
·
Published
2007-02-04
·
Updated
2017-10-19
·
CVE-2007-0702
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpEventMan version 1.0.2
Description
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the
level parameter to specific PHP files, including Shared/controller/text.ctrl.php and UserMan/controller/common.function.php.Recommendations
For phpEventMan version 1.0.2, consider restricting access to the
level parameter in the affected PHP files until a patch is available. As a temporary workaround, disabling the execution of remote files in these parameters can help minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpeventman