CVE - CVE-2007-1415

CVE-ID
CVE-2007-1415	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:22895 URL:http://www.securityfocus.com/bid/22895 BUGTRAQ:20070310 [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability URL:http://www.securityfocus.com/archive/1/462452/100/0/threaded EXPLOIT-DB:3443 URL:https://www.exploit-db.com/exploits/3443 MISC:http://advisories.echo.or.id/adv/adv68-K-159-2007.txt OSVDB:35101 URL:~~http://www.osvdb.org/35101~~ (Obsolete source) OSVDB:35102 URL:~~http://www.osvdb.org/35102~~ (Obsolete source) OSVDB:35103 URL:~~http://www.osvdb.org/35103~~ (Obsolete source) OSVDB:35104 URL:~~http://www.osvdb.org/35104~~ (Obsolete source) OSVDB:35105 URL:~~http://www.osvdb.org/35105~~ (Obsolete source) OSVDB:35106 URL:~~http://www.osvdb.org/35106~~ (Obsolete source) OSVDB:35107 URL:~~http://www.osvdb.org/35107~~ (Obsolete source) OSVDB:35108 URL:~~http://www.osvdb.org/35108~~ (Obsolete source) OSVDB:35109 URL:~~http://www.osvdb.org/35109~~ (Obsolete source) OSVDB:35110 URL:~~http://www.osvdb.org/35110~~ (Obsolete source) OSVDB:35111 URL:~~http://www.osvdb.org/35111~~ (Obsolete source) OSVDB:35112 URL:~~http://www.osvdb.org/35112~~ (Obsolete source) OSVDB:35113 URL:~~http://www.osvdb.org/35113~~ (Obsolete source) OSVDB:35114 URL:~~http://www.osvdb.org/35114~~ (Obsolete source) OSVDB:35115 URL:~~http://www.osvdb.org/35115~~ (Obsolete source) OSVDB:35116 URL:~~http://www.osvdb.org/35116~~ (Obsolete source) OSVDB:35117 URL:~~http://www.osvdb.org/35117~~ (Obsolete source) OSVDB:35118 URL:~~http://www.osvdb.org/35118~~ (Obsolete source) OSVDB:35119 URL:~~http://www.osvdb.org/35119~~ (Obsolete source) OSVDB:35120 URL:~~http://www.osvdb.org/35120~~ (Obsolete source) OSVDB:35121 URL:~~http://www.osvdb.org/35121~~ (Obsolete source) OSVDB:35122 URL:~~http://www.osvdb.org/35122~~ (Obsolete source) OSVDB:35123 URL:~~http://www.osvdb.org/35123~~ (Obsolete source) OSVDB:35124 URL:~~http://www.osvdb.org/35124~~ (Obsolete source) OSVDB:35125 URL:~~http://www.osvdb.org/35125~~ (Obsolete source) VUPEN:ADV-2007-0917 URL:~~http://www.vupen.com/english/advisories/2007/0917~~ (Obsolete source) XF:pmbservices-multiple-scripts-file-include(32890) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32890
Assigning CNA
MITRE Corporation
Date Record Created
20070312	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070312)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)