Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5117

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5117
Last Modified 05 Sep 2008 05:29:55
Published 27 Sep 2007 01:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5117

Summary

Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.

Vulnerable Systems

Application

  • Frontaccounting 1.13


References

XF - frontaccounting-pathtoroot-file-include(36796)

BID - 25812

SECUNIA - 26962

MILW0RM - 4456

MISC - http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/


Last Updated: 27 May 2016 10:46:04