CVE-2007-3586

Published: Jul 5, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.

Affected (1)

Products: Mycms: Mycms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mycms Mycms	Up to 0.9.8

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://osvdb.org/45778

Source: cve@mitre.org

http://www.securityfocus.com/bid/24757

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/35254

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4144

Source: cve@mitre.org

http://osvdb.org/45778

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24757

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/35254

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/4144

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.