CVE-2008-2912

Name of the Vulnerable Software and Affected Versions Contenido CMS version 4.8.4

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the contenido path parameter to contenido/backend search.php, the cfg[path][contenido] parameter to multiple files in contenido/cronjobs/, the cfg[path][templates] parameter to files in contenido/, and the cfg[templates][right top blank] parameter to files in contenido/. This can be achieved by manipulating specific API endpoints, such as (a) contenido/backend search.php, (b) move articles.php, (c) move old stats.php, (d) optimize database.php, (e) run newsletter job.php, (f) send reminder.php, (g) session cleanup.php, and (h) setfrontenduserstate.php in contenido/cronjobs/, and (i) includes/include.newsletter jobs subnav.php and (j) plugins/content allocation/includes/include.right top.php in contenido/. The vulnerable parameters include contenido path, cfg[path][contenido], cfg[path][templates], and cfg[templates][right top blank].

Recommendations For Contenido CMS version 4.8.4, as a temporary workaround, consider disabling the contenido/backend search.php and other affected files until a patch is available. Restrict access to the vulnerable parameters contenido path, cfg[path][contenido], cfg[path][templates], and cfg[templates][right top blank] to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.