Vulnerabilities > CVE-2007-3585 - Input Validation vulnerability in MyCMS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mycms

exploit available

NVD

Published: 2007-07-05

Updated: 2017-09-29

Summary

PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Mycms Mycms Mycms *	1

Exploit-Db

description	MyCMS <= 0.9.8 Remote Command Execution Exploit (2 method). CVE-2007-3585,CVE-2007-3586. Webapps exploit for php platform
file	exploits/php/webapps/4144.php
id	EDB-ID:4144
last seen	2016-01-31
modified	2007-07-03
platform	php
port
published	2007-07-03
reporter	BlackHawk
source	https://www.exploit-db.com/download/4144/
title	MyCMS <= 0.9.8 - Remote Command Execution Exploit 2 method
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References