CVE-2010-1922

Name of the Vulnerable Software and Affected Versions 29o3 CMS version 0.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to several PHP files, including "lib/page/pageDescriptionObject.php", "lib/layout/layoutHeaderFuncs.php", "lib/layout/layoutManager.php", and "lib/layout/layoutParser.php".

Recommendations For 29o3 CMS version 0.1, as a temporary workaround, consider restricting access to the LibDir parameter in the affected PHP files until a patch is available. Avoid using the LibDir parameter in the affected API endpoints until the issue is resolved.