CVE-2007-6652 (xcms)
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).

Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6652