RSS   Vulnerabilities for 'CMS'   RSS

2007-12-04
 
CVE-2007-6218

CWE-20
 

 
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.

 

 >>> Vendor: Ossigeno 2 Products
CMS
Ossigeno


Copyright 2024, cxsecurity.com

 

Back to Top