Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5305

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5305
Last Modified 15 Nov 2008 02:00:33
Published 09 Oct 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5305

Summary

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

Vulnerable Systems

Application

  • Yannick Tanguy Else If Cms 0.6-beta


References

BID - 25951

BUGTRAQ - 20071006 Else If cms Multiple Remote vulnerabilities

OSVDB - 38658

OSVDB - 38657

OSVDB - 38656

OSVDB - 38655

OSVDB - 38654

OSVDB - 38653

OSVDB - 38652

OSVDB - 38651

OSVDB - 38650

OSVDB - 38649

XF - elseif-multiple-file-include(37011)

SREASON - 3204


Last Updated: 27 May 2016 10:46:08