PT-2007-4843 · Mycms · Mycms

Blackhawk · Published 2007-07-05 · Updated 2018-10-15 · CVE-2007-3587

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MyCMS versions 0.9.8 and earlier

Description

The issue allows remote attackers to gain privileges via the admin cookie parameter. An attacker can send a POST request to "admin/settings.php" that injects PHP code into settings.inc, which is then executed via a direct request to "index.php".

Recommendations

For MyCMS versions 0.9.8 and earlier, as a temporary workaround, consider restricting access to the "admin/settings.php" endpoint and avoid using the admin cookie parameter until a fix is available.

Exploit

Fix


Related identifiers

CVE-2007-3587

Affected products

Mycms