CVE-2007-5600

Artmedic Webdesign Artmedic Cms < 3.4 - Code Injection

Title source: rule

Description

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by iNs · textwebappsphp

https://www.exploit-db.com/exploits/4538

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4538

Scores

EPSS 0.0353

EPSS Percentile 87.7%

Details

CWE

CWE-94

Status published

Products (1)

artmedic_webdesign/artmedic_cms < 3.4

Published Oct 19, 2007

Tracked Since Feb 18, 2026