Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4117

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4117
Last Modified 05 Sep 2008 05:27:26
Published 01 Aug 2007 12:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4117

Summary

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use.

Vulnerable Systems

Application

  • Platon Phpwebfilemanager 0.5


References

BUGTRAQ - 20070730 phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability

VIM - 20070731 WTF: phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability

XF - phpwebfilemanager-index-file-include(35690)

SREASON - 2940


Last Updated: 27 May 2016 10:45:46