Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-4181
Last Modified: 05 Sep 2008 05:27:36
Published: 07 Aug 2007 09:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4181

Summary

** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request.

Vulnerable Systems

Application

  • Pluck 4.3


References

BUGTRAQ - 20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure

VIM - 20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure

MISC - http://outlaw.aria-security.info/?p=12

XF - pluck-theme-file-include(35756)

SREASON - 2973


Last Updated: 27 May 2016 10:45:47