CVE-2007-5056 – CMS Made Simple 1.2 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2007-5056

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. Una vulnerabilidad de inyección Eval en el archivo adodb-perf-module.inc.php en ADOdb Lite versiones 1.42 y anteriores, como es usado en productos como CMS Made Simple, SAPID CMF, Journalness, PacerCMS y Open-Realty, permite a atacantes remotos ejecutar código arbitrario por medio de secuencias PHP en el parámetro last_module. • https://www.exploit-db.com/exploits/4442 https://www.exploit-db.com/exploits/5091 https://www.exploit-db.com/exploits/5090 https://www.exploit-db.com/exploits/5098 https://www.exploit-db.com/exploits/5097 http://osvdb.org/40596 http://osvdb.org/41422 http://osvdb.org/41426 http://osvdb.org/41427 http://osvdb.org/41428 http://secunia.com/advisories/26928 http://secunia.com/advisories/28859 http://secunia.com/advisories/28873 http://secunia.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •