Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4181


Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4181
Last Modified 05 Sep 2008 05:27:36
Published 07 Aug 2007 09:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request.

Vulnerable Systems


  • Pluck 4.3


BUGTRAQ - 20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure

VIM - 20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure


XF - pluck-theme-file-include(35756)

SREASON - 2973

Last Updated: 27 May 2016 10:45:47