CVE-2007-5298

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
09/10/2007
Last modified:
09/04/2025

Description

Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:creamotion:creamotion:.:*:*:*:*:*:*:*