CVE-2007-3586

Name of the Vulnerable Software and Affected Versions MyCMS versions 0.9.8 and earlier

Description The issue allows remote attackers to inject arbitrary PHP code into specific files, which can then be included by games.php, potentially leading to code execution. This can be achieved via the score parameter or a login cookie. Programs that use games.php, such as snakep.php and tetrisp.php, might be affected.

Recommendations For MyCMS versions 0.9.8 and earlier, consider disabling the inclusion of user-supplied data in games.php until a patch is available. Restrict access to the score parameter and login cookies to minimize the risk of exploitation. Avoid using the score parameter in affected API endpoints until the issue is resolved.