Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4934

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2007-4934
Last Modified 07 Mar 2011 09:59:40
Published 18 Sep 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-4934

Summary

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.

Vulnerable Systems

Application

  • Phpffl 1.24


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531

VUPEN - ADV-2007-3176

BID - 25667

MILW0RM - 4406

OSVDB - 37086

OSVDB - 37085

XF - phpffl-livedraft-admin-file-include(36606)

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=735906

SECUNIA - 26812

MISC - http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/


Last Updated: 27 May 2016 10:46:01