Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-5641
Last Modified 05 Feb 2009 12:00:00
Published 23 Oct 2007 05:47:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5641

Summary

Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.

Vulnerable Systems

Application

  • Phppm Php Project Management 0.8.10


References

XF - phpprojectmanagement-fullpath-file-include(37347)

BID - 26150

MILW0RM - 4549

SECUNIA - 27347

OSVDB - 41975

OSVDB - 41957

OSVDB - 41934

OSVDB - 41931

OSVDB - 41928

OSVDB - 41927

OSVDB - 41925

OSVDB - 41920

OSVDB - 41918

OSVDB - 41917

OSVDB - 41914

OSVDB - 41913

OSVDB - 41912

OSVDB - 41910

OSVDB - 41909

OSVDB - 41908

OSVDB - 41907

OSVDB - 41906

OSVDB - 41905


Last Updated: 27 May 2016 10:46:14