Vulnerability Name: | CVE-2007-5100 (CCN-38368) | ||||||||
Assigned: | 2007-09-22 | ||||||||
Published: | 2007-09-22 | ||||||||
Updated: | 2011-03-08 | ||||||||
Summary: | Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:W/RC:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:W/RC:C)
| ||||||||
Vulnerability Type: | CWE-94 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-5100 Source: OSVDB Type: UNKNOWN 38723 Source: OSVDB Type: UNKNOWN 38724 Source: OSVDB Type: UNKNOWN 38725 Source: CCN Type: SA26888 phpBB2 Plus "phpbb_root_path" Multiple File Inclusion Source: SECUNIA Type: Vendor Advisory 26888 Source: CCN Type: OSVDB ID: 38723 phpBB Plus language/lang_german/lang_admin_album.php phpbb_root_path Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 38724 phpBB Plus language/lang_english/lang_main_album.php phpbb_root_path Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 38725 phpBB Plus language/lang_english/lang_admin_album.php phpbb_root_path Parameter Remote File Inclusion Source: CCN Type: phpBB Web site phpBB2.de :: phpBB, phpBB2 und phpBB3 Support-Forum Source: CCN Type: phpBB Plus Support Forum, Sat 22 Sep, 2007 21:24 phpBB2 Plus 1.53a Language File Vulnerable Source: CONFIRM Type: Patch http://www.phpbb2.de/ftopic45218.html Source: BID Type: UNKNOWN 25776 Source: CCN Type: BID-25776 PHPBB2 Plus Language Packs PHPBB_Root_Path Parameter Multiple Remote File Include Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2007-3247 Source: XF Type: UNKNOWN phpbbplus-multiple-file-include(38368) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |