CVE-2008-4529

Name of the Vulnerable Software and Affected Versions asiCMS alpha version 0.208

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the ENV[asicms][path] parameter to various PHP files in the classes/Auth/OpenID/ and classes/Auth/Yadis/ directories. This includes files such as Association.php, BigMath.php, and XRDS.php.

Recommendations For asiCMS alpha version 0.208, consider restricting access to the vulnerable parameters, such as ENV[asicms][path], to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of PHP code from remote URLs until a patch is available. Avoid using the ENV[asicms][path] parameter in the affected API endpoints until the issue is resolved.