CVE-2010-2618

Name of the Vulnerable Software and Affected Versions AdaptCMS versions 2.0.0 Beta through 2.0.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter when register globals is enabled. This is due to a PHP remote file inclusion vulnerability in inc/smarty/libs/init.php.

Recommendations For AdaptCMS version 2.0.0 Beta, consider disabling the register globals setting to mitigate the risk of exploitation. For AdaptCMS version 2.0.1, consider disabling the register globals setting to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.