Arbitrary Code Execution in phpwcms by phpwcms
CVE-2006-7019

Currently unrated

Key Information:

Vendor

PHPwcms

Status
PHPwcms
Vendor
CVE Published:
15 February 2007

What is CVE-2006-7019?

A vulnerability exists in phpwcms versions 1.2.5-DEV and earlier, and 1.1 before RC4, enabling remote attackers to execute arbitrary code by manipulating input parameters in the mail_file_form.php files. The affected parameters include text_evento and email_eventonome_evento, which are processed in a way that can lead to unauthorized command execution. This vulnerability poses significant risks as it allows attackers to exploit the application to execute malicious code remotely, potentially compromising the entire system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/19866
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1556
vdb-entryx_refsource_VUPEN
http://www.phpwcms.de/forum/viewtopic.php?t=10958
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.