Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-4738
Last Modified 05 Feb 2009 12:00:00
Published 06 Sep 2007 03:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4738

Summary

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Speedtech Stphplibrary 0.8.0


References

XF - speedtech-stphpimageshow-file-include(36417)

BID - 25525

SECUNIA - 26658

OSVDB - 39105

OSVDB - 39104

OSVDB - 39103

OSVDB - 39102

OSVDB - 39101

OSVDB - 39100

OSVDB - 39099

OSVDB - 39098

OSVDB - 39097

OSVDB - 39096

OSVDB - 39095

OSVDB - 39094

OSVDB - 39093

OSVDB - 39092

OSVDB - 39091

OSVDB - 39090

OSVDB - 39089

OSVDB - 39088

OSVDB - 39087

OSVDB - 39086

OSVDB - 39085

OSVDB - 39084

OSVDB - 39083

OSVDB - 39082

OSVDB - 39081

OSVDB - 39080

OSVDB - 39079

OSVDB - 39078

OSVDB - 39077

OSVDB - 39076

OSVDB - 39075

OSVDB - 39074

OSVDB - 39073


Last Updated: 27 May 2016 10:45:57