[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2199Date: (C)2007-04-24   (M)2023-12-22


PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/466687/100/0/threaded
http://www.attrition.org/pipermail/vim/2007-May/001618.html
http://www.securityfocus.com/archive/1/478503/100/0/threaded
BID-23613
BID-23708
BID-24660
SECUNIA-25230
BID-25528
OSVDB-34803
OSVDB-36009
EXPLOIT-DB-3781
EXPLOIT-DB-3915
EXPLOIT-DB-4111
ADV-2007-1511
cjgexplorerpro-pcltarpcltrace-file-include(34273)
http://www.hackers.ir/advisories/joomla.html
joomla-pcltar-file-include(33837)
phpsitebackup-pcltarlib-file-include(35092)

CWE    1
CWE-94

© SecPod Technologies