PT-2007-3332 · Phpecho · Phpecho Cms

Published 2007-04-12 · Updated 2024-08-07 · CVE-2007-1987

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPEcho CMS version 2.0

Description

The issue allows remote attackers to potentially execute arbitrary PHP code. This is achieved via a URL in the plugin file parameter to "smarty/internals/core.load pulgins.php" or the root path parameter to "index.php". However, it's noted that the inclusion in the first case occurs within a function not called during a direct request, and in the second case, root path is defined in "config.php" before use.

Recommendations

For PHPEcho CMS version 2.0, consider restricting access to the "smarty/internals/core.load pulgins.php" and "index.php" files to minimize the risk of exploitation. Avoid using the plugin file and root path parameters in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-1987

Affected Products

Phpecho Cms