Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5178

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5178
Last Modified 07 Mar 2011 10:00:13
Published 03 Oct 2007 10:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5178

Summary

contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.

Vulnerable Systems

Application

  • Mxbb Mx Glance 2.3.3


References

VUPEN - ADV-2007-3326

BID - 25866

MILW0RM - 4470

VIM - 20071001 Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability

OSVDB - 37400

XF - mxbb-mxglancesdesc-file-include(36867)

SECUNIA - 27011


Last Updated: 27 May 2016 10:46:06