CVE-2007-2545 Information
Description
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php (2) files/blocks/latest_files.php (3) filters/headerfile.php (4) forums/blocks/latest_posts.php (5) groups/headerfile.php (6) links/blocks/links.php (7) menu/headerfile.php (8) news/blocks/latest_news.php (9) settings/headerfile.php or (10) users/headerfile.php in modules/.
Reference
http://osvdb.org/37767 http://osvdb.org/37768 http://osvdb.org/37769 http://osvdb.org/37770 http://osvdb.org/37771 http://osvdb.org/37772 http://osvdb.org/37773 http://osvdb.org/37774 http://osvdb.org/37775 http://osvdb.org/37776 http://www.securityfocus.com/bid/23828 http://www.vupen.com/english/advisories/2007/1671 https://exchange.xforce.ibmcloud.com/vulnerabilities/34102 https://www.exploit-db.com/exploits/3853
Share on: