CVE-2007-6550

PMOS Help Desk <2.4 - Code Injection

Title source: llm

Description

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/4789

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/42662

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39274

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27032

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4789

[Third Party Advisory] http://secunia.com/advisories/28201

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4321

Scores

EPSS 0.0693

EPSS Percentile 91.4%

Details

CWE

CWE-94

Status published

Products (1)

pmos_helpdesk/pmos_helpdesk < 2.4

Published Dec 28, 2007

Tracked Since Feb 18, 2026