CVE-2007-5600

Name of the Vulnerable Software and Affected Versions Artmedic CMS versions 3.4 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via specific pathways, including UNC share pathnames or certain URLs, by exploiting an incomplete blacklist in the page parameter of index.php. This is possible because PHP remote file inclusion is only blocked for http, https, and ftp URLs, leaving other types of URLs vulnerable.

Recommendations For Artmedic CMS versions 3.4 and earlier, consider restricting access to the index.php file until a patch is available, and avoid using the page parameter with UNC share pathnames or ftps, ssh2.sftp, and ssh2.scp URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.