CVE-2008-2854

Name of the Vulnerable Software and Affected Versions Orlando CMS version 0.6

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the preloc parameter to specific PHP files, including "modules/core/logger/init.php" and "AJAX/newscat.php".

Recommendations For Orlando CMS version 0.6, consider restricting access to the modules/core/logger/init.php and AJAX/newscat.php files until a patch is available. As a temporary workaround, avoid using the preloc parameter in these files to minimize the risk of exploitation.