CVE-2007-6652
CVE-2007-6652 affects XCMS 1.83 and earlier. The flaw lies in cpie.php, which issues a redirect without exiting, so the script keeps executing after the redirect. This enables direct static code injection via the testo_0 parameter in a cpie admin action to index.php, resulting in writes to dati/generali/footer.dtb (the XCMS footer). This can allow remote ...
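
An added example, not taken from XCMS or from this advisory: a heuristic Python check that flags PHP `Location` redirects not followed by `exit`, `die` or `return`, which is the redirect-without-exit pattern described above. The PHP samples are constructed for illustration, and `is_admin()` is a hypothetical helper.

```python
import re

# A PHP redirect statement such as header("Location: index.php");
REDIRECT = re.compile(r'\bheader\s*\(\s*["\']\s*Location:.*?\)\s*;', re.I | re.S)
# PHP comments that may sit between the redirect and the next statement.
COMMENT = re.compile(r'//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)
# Statements that stop the script (or the current function) after the redirect.
STOPS = re.compile(r'(?:exit|die|return)\b', re.I)


def find_unterminated_redirects(php_source):
    """Return 1-based line numbers of redirects whose next statement does not stop execution."""
    findings = []
    for match in REDIRECT.finditer(php_source):
        rest = php_source[match.end():]
        while True:  # skip whitespace and comments after the redirect
            rest = rest.lstrip()
            comment = COMMENT.match(rest)
            if not comment:
                break
            rest = rest[comment.end():]
        if not STOPS.match(rest):
            findings.append(php_source.count("\n", 0, match.start()) + 1)
    return findings


# Constructed sample: the redirect is sent, but the write below still runs.
VULNERABLE = '''<?php
// constructed sample, not XCMS source; is_admin() is hypothetical
if (!is_admin()) {
    header("Location: index.php");
}
file_put_contents("dati/generali/footer.dtb", $_POST["testo_0"]);
'''

# Constructed sample: exit stops the script before the write is reached.
FIXED = '''<?php
if (!is_admin()) {
    header("Location: index.php");
    exit; // stop before the write below
}
file_put_contents("dati/generali/footer.dtb", $_POST["testo_0"]);
'''

if __name__ == "__main__":
    print("vulnerable sample, flagged lines:", find_unterminated_redirects(VULNERABLE))
    print("fixed sample, flagged lines:", find_unterminated_redirects(FIXED))
```

The check is textual: it does not follow redirect wrapper functions or control flow, so treat its hits as candidates for manual review.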