PT-2007-7070 · Charray · Charray's CMS

Mhz91 · Published 2007-11-30 · Updated 2017-09-29 · CVE-2007-6179

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Charray's CMS version 0.9.3

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the ccms library path parameter to specific PHP files, including 'markdown.php' and 'gallery.php' in the 'decoder/' directory.

Recommendations

For Charray's CMS version 0.9.3, consider restricting access to the markdown.php and gallery.php files in the 'decoder/' directory until a patch is available. Avoid using the ccms library path parameter in these files to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-6179

Affected Products

Charray's CMS