CVE-2007-3586 Information

Description

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter or (2) a _setby.txt file via a login cookie which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php (b) tetrisp.php and possibly other site-specific files.

Reference

http://osvdb.org/45778 http://www.securityfocus.com/bid/24757 https://exchange.xforce.ibmcloud.com/vulnerabilities/35254 https://www.exploit-db.com/exploits/4144