PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function
References
Configurations
History
07 Nov 2023, 02:01
Type | Values Removed | Values Added |
---|---|---|
Summary | PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function |
Information
Published : 2007-08-25 00:17
Updated : 2024-08-07 15:15
NVD link : CVE-2007-4525
Mitre link : CVE-2007-4525
CVE.ORG link : CVE-2007-4525
JSON object : View
Products Affected
spip
- spip
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')