CVE-2008-2888

Name of the Vulnerable Software and Affected Versions MiGCMS version 2.0.5

Description The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the application[app root] parameter to specific PHP files, including collection.class.php and content image.class.php in the lib/obj/ directory.

Recommendations For MiGCMS version 2.0.5, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the collection.class.php and content image.class.php files in the lib/obj/ directory until a patch is available. Avoid using the application[app root] parameter in affected API endpoints until the issue is resolved.