Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4935

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4935
Last Modified 07 Mar 2011 09:59:40
Published 18 Sep 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4935

Summary

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php. NOTE: the program_files/livedraft/admin.php and program_files/livedraft/livedraft.php vectors are covered by CVE-2007-4934.

Vulnerable Systems

Application

  • Phpffl 1.24


References

VUPEN - ADV-2007-3176

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531

OSVDB - 39660

OSVDB - 39659

OSVDB - 39658

OSVDB - 39657

OSVDB - 39656

OSVDB - 39655

OSVDB - 39654

OSVDB - 39653

OSVDB - 39652

OSVDB - 39651

OSVDB - 39650

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=735906

SECUNIA - 26812

MISC - http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/


Last Updated: 27 May 2016 10:46:01