CVE-2007-5631

Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/45495
http://osvdb.org/45496
http://osvdb.org/45497
http://osvdb.org/45498
http://osvdb.org/45499
http://osvdb.org/45500
http://osvdb.org/45501
http://www.myelin.co.nz/post/2007/11/12/#200711121
http://www.securityfocus.com/archive/1/483571/100/0/threaded
http://www.securityfocus.com/bid/26147
https://exchange.xforce.ibmcloud.com/vulnerabilities/37349
https://www.exploit-db.com/exploits/4551
http://osvdb.org/45495
http://osvdb.org/45496
http://osvdb.org/45497
http://osvdb.org/45498
http://osvdb.org/45499
http://osvdb.org/45500
http://osvdb.org/45501
http://www.myelin.co.nz/post/2007/11/12/#200711121
http://www.securityfocus.com/archive/1/483571/100/0/threaded
http://www.securityfocus.com/bid/26147
https://exchange.xforce.ibmcloud.com/vulnerabilities/37349
https://www.exploit-db.com/exploits/4551

Configurations

Configuration 1 (hide)

cpe:2.3:a:peopleaggregator:peopleaggregator:1.2pre6:*:*:*:*:*:*:*

History

21 Nov 2024, 00:38

Type	Values Removed	Values Added
References	~~() http://osvdb.org/45495 -~~	() http://osvdb.org/45495 -
References	~~() http://osvdb.org/45496 -~~	() http://osvdb.org/45496 -
References	~~() http://osvdb.org/45497 -~~	() http://osvdb.org/45497 -
References	~~() http://osvdb.org/45498 -~~	() http://osvdb.org/45498 -
References	~~() http://osvdb.org/45499 -~~	() http://osvdb.org/45499 -
References	~~() http://osvdb.org/45500 -~~	() http://osvdb.org/45500 -
References	~~() http://osvdb.org/45501 -~~	() http://osvdb.org/45501 -
References	~~() http://www.myelin.co.nz/post/2007/11/12/#200711121 -~~	() http://www.myelin.co.nz/post/2007/11/12/#200711121 -
References	~~() http://www.securityfocus.com/archive/1/483571/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/483571/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/26147 -~~	() http://www.securityfocus.com/bid/26147 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/37349 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/37349 -
References	~~() https://www.exploit-db.com/exploits/4551 -~~	() https://www.exploit-db.com/exploits/4551 -

Information

Published : 2007-10-23 17:46

Updated : 2024-11-21 00:38

NVD link : CVE-2007-5631

Mitre link : CVE-2007-5631

CVE.ORG link : CVE-2007-5631

JSON object : View

Products Affected

peopleaggregator

peopleaggregator

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

6.8 /10