Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6289


Vulnerability Score 6.8 6.8
CVE Id CVE-2007-6289
Last Modified 29 Sep 2009 04:46:31
Published 10 Dec 2007 01:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.

Vulnerable Systems


  • Iptel Serweb 2.0.0dev1


BID - 26747

MILW0RM - 9284

MILW0RM - 4696

XF - serweb-multiple-scripts-file-include(38906)

Last Updated: 27 May 2016 10:46:26