CVE-2009-2182

Name of the Vulnerable Software and Affected Versions Campsite version 3.3.0 RC1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g campsiteDir] parameter to various PHP files, including "ad popup.php", "camp html.php", "init content.php", "logout.php", "menu.php", and "set-author.php" in the "admin-files/" directory, as well as other files in different directories.

Recommendations For Campsite version 3.3.0 RC1, consider restricting access to the GLOBALS[g campsiteDir] parameter to prevent remote file inclusion attacks. Additionally, restrict access to the affected PHP files, such as "ad popup.php", "camp html.php", "init content.php", "logout.php", "menu.php", and "set-author.php" in the "admin-files/" directory, until a patch is available. Avoid using the GLOBALS[g campsiteDir] parameter in the affected API endpoints until the issue is resolved.