PT-2007-6159 · Unknown+2 · Open-Realty+5
Gold_M
·
Published
2007-09-24
·
Updated
2017-09-29
·
CVE-2007-5056
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ADODB Lite versions 1.42 and earlier
Description
A code execution issue exists due to an eval injection vulnerability in the adodb-perf-module.inc.php file. This allows remote attackers to execute arbitrary code via PHP sequences in the
last module parameter. The issue affects products that use ADOdb Lite, including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty.Recommendations
For ADOdb Lite versions 1.42 and earlier, consider disabling the
last module parameter in the adodb-perf-module.inc.php file as a temporary workaround until a patch is available. Restrict access to the adodb-perf-module.inc.php file to minimize the risk of exploitation.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adodb Lite
Cms Made Simple
Journalness
Open-Realty
Pacercms
Sapid Cmf