PT-2007-3541 · Unknown · Post Revolution

Inyexion

Published

2007-04-24

Updated

2018-10-16

CVE-2007-2201

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Post Revolution versions 6.6 through 7.0 RC2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the dir parameter to specific PHP files, such as common.php or themes/default/preview post completo.php.

Recommendations For Post Revolution versions 6.6 through 7.0 RC2, consider restricting access to the common.php and themes/default/preview post completo.php files until a patch is available. Avoid using the dir parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2201

Affected Products

Post Revolution

PT-2007-3541 · Unknown · Post Revolution

CVE-2007-2201

Related Identifiers

Affected Products

References · 10