CVE-2007-5565

Name of the Vulnerable Software and Affected Versions phpSCMS versions 0.0.1-Alpha1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter in the includes/functions.php file. This is a remote file inclusion issue. Note that the identified code is in a function that is not accessible via direct request, which is disputed by some sources.

Recommendations For phpSCMS version 0.0.1-Alpha1, as a temporary workaround, consider restricting access to the includes/functions.php file or the dir parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.