Vulnerabilities > CVE-2007-3587 - Input Validation vulnerability in MyCMS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | MyCMS <= 0.9.8 Remote Command Execution Exploit. CVE-2007-3587. Webapps exploit for php platform |
| file | exploits/php/webapps/4145.php |
| id | EDB-ID:4145 |
| last seen | 2016-01-31 |
| modified | 2007-07-03 |
| platform | php |
| port | |
| published | 2007-07-03 |
| reporter | BlackHawk |
| source | https://www.exploit-db.com/download/4145/ |
| title | MyCMS <= 0.9.8 - Remote Command Execution Exploit |
| type | webapps |