CVE-2010-3209

Name of the Vulnerable Software and Affected Versions Seagull version 0.6.7

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php.

Recommendations For Seagull version 0.6.7, consider restricting access to the includeFile, driverpath, and path parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in the affected files, specifically Config/Container.php, HTML/QuickForm.php, DB/NestedSet.php, and DB/NestedSet/Output.php.