[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-4636

Date: (C)2007-08-31   (M)2017-10-04 


Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-25486
OSVDB-38429
OSVDB-38430
OSVDB-38431
OSVDB-38432
OSVDB-38433
EXPLOIT-DB-4340
phpbg-rootdir-file-include(36348)

CWE    1
CWE-20

© 2013 SecPod Technologies