Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5014


Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5014
Last Modified 15 Nov 2008 01:59:24
Published 20 Sep 2007 05:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/ or (2) the lvc_include_dir parameter to modules/visitors2/include/ NOTE: the modules/visitors2/include/ vector is already covered by CVE-2006-4373. NOTE: vector 1 is disputed by CVE because PHP encounters a fatal instantiation error on a direct request for the file, before reaching the include statement.

Vulnerable Systems


  • Derek Leung Pslash 0.70


OSVDB - 38289

OSVDB - 38288


Last Updated: 27 May 2016 10:46:02