Back to search
CVE-2007-3586
Published: Jul 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
mycms-settings-games-command-execution(35254)
vdb-entry
x_refsource_XF
45778
vdb-entry
x_refsource_OSVDB
4144
exploit
x_refsource_EXPLOIT-DB
24757
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now