Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-4169
Last Modified 15 Nov 2008 01:56:05
Published 07 Aug 2007 06:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4169

Summary

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 1 because the applicable include_once is located in a function that is not called on a direct request, and because $dirpath is an argument to this function. CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable.

Vulnerable Systems

Application

  • Vgallite


References

XF - vgallite-index-file-include(35819)

BUGTRAQ - 20070804 ALL vgallite Remote File Include

SREASON - 2963

OSVDB - 46803


Last Updated: 27 May 2016 10:45:46