CVE-2009-0530

Name of the Vulnerable Software and Affected Versions SnippetMaster version 2.2.2

Description The issue allows remote attackers to execute arbitrary PHP code. This is possible due to multiple PHP remote file inclusion vulnerabilities when register globals is enabled. The vulnerabilities can be exploited via a URL in the (1) SESSION[SCRIPT PATH] parameter to "includes/vars.inc.php" and the (2) g pcltar lib dir parameter to "includes/tar lib/pcltar.lib.php".

Recommendations For SnippetMaster version 2.2.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/vars.inc.php and includes/tar lib/pcltar.lib.php files to minimize the risk of arbitrary PHP code execution. Avoid using the SESSION[SCRIPT PATH] and g pcltar lib dir parameters in the affected API endpoints until the issue is resolved.