Arbitrary Code Execution in phpwcms by phpwcms
CVE-2006-7019

Currently unrated

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 15 February 2007

What is CVE-2006-7019?

A vulnerability exists in phpwcms versions 1.2.5-DEV and earlier, and 1.1 before RC4, enabling remote attackers to execute arbitrary code by manipulating input parameters in the mail_file_form.php files. The affected parameters include text_evento and email_eventonome_evento, which are processed in a way that can lead to unauthorized command execution. This vulnerability poses significant risks as it allows attackers to exploit the application to execute malicious code remotely, potentially compromising the entire system.

References

http://secunia.com/advisories/19866

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/1556

vdb-entryx_refsource_VUPEN

http://www.phpwcms.de/forum/viewtopic.php?t=10958

x_refsource_MISC

Timeline

Vulnerability published
Feb 15, 2007
Vulnerability Reserved
Feb 14, 2007

JSON

PHPwcms

What is CVE-2006-7019?

References

Timeline