CVE-2008-0450

Name of the Vulnerable Software and Affected Versions BLOG:CMS version 4.2.1.c

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the DIR PLUGINS parameter to "index.php", and the DIR LIBS parameter to "media.php" and "xmlrpc/server.php" in the admin directory.

Recommendations For BLOG:CMS version 4.2.1.c, consider disabling the DIR PLUGINS and DIR LIBS parameters in the affected API endpoints until a patch is available. Restrict access to "index.php", "media.php", and "xmlrpc/server.php" to minimize the risk of exploitation. Avoid using the DIR PLUGINS and DIR LIBS parameters in the affected API endpoints until the issue is resolved.