ID CVE-2007-0150Type cveReporter cve@mitre.orgModified 2018-10-16T16:31:00
Description
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
{"id": "CVE-2007-0150", "bulletinFamily": "NVD", "title": "CVE-2007-0150", "description": "Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.", "published": "2007-01-09T18:28:00", "modified": "2018-10-16T16:31:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0150", "reporter": "cve@mitre.org", "references": ["http://osvdb.org/31259", "https://exchange.xforce.ibmcloud.com/vulnerabilities/31336", "http://secunia.com/advisories/23661", "http://www.securityfocus.com/archive/1/456212/100/0/threaded", "http://securityreason.com/securityalert/2117", "http://www.vupen.com/english/advisories/2007/0099"], "cvelist": ["CVE-2007-0150"], "type": "cve", "lastseen": "2020-10-03T11:45:48", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:31259"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7020"]}], "modified": "2020-10-03T11:45:48", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2020-10-03T11:45:48", "rev": 2}, "vulnersScore": 7.1}, "cpe": ["cpe:/a:dayfox_designs:dayfox_blog:4"], "affectedSoftware": [{"cpeName": "dayfox_designs:dayfox_blog", "name": "dayfox designs dayfox blog", "operator": "eq", "version": "4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:dayfox_designs:dayfox_blog:4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:dayfox_designs:dayfox_blog:4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-0150"], "description": "## Manual Testing Notes\nhttp://[target]/ScriptPath/index.php?page=[sheLL]\nhttp://[target]/ScriptPath/index.php?subject=[sheLL]\nhttp://[target]/ScriptPath/index.php?q=[sheLL]\n## References:\nVendor URL: http://hotscripts.com/Detailed/66344.html\nVendor URL: http://dayfoxdesigns.co.nr/\n[Secunia Advisory ID:23661](https://secuniaresearch.flexerasoftware.com/advisories/23661/)\nMail List Post: http://www.securityfocus.com/archive/1/archive/1/456212/100/0/threaded\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0190.html\nISS X-Force ID: 31336\nFrSIRT Advisory: ADV-2007-0099\n[CVE-2007-0150](https://vulners.com/cve/CVE-2007-0150)\n", "edition": 1, "modified": "2007-01-07T09:33:42", "published": "2007-01-07T09:33:42", "href": "https://vulners.com/osvdb/OSVDB:31259", "id": "OSVDB:31259", "title": "Dayfox Blog index.php Multiple Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-0159", "CVE-2007-0192", "CVE-2007-0154", "CVE-2007-0181", "CVE-2007-0143", "CVE-2007-0176", "CVE-2007-0189", "CVE-2007-0182", "CVE-2007-0149", "CVE-2007-0167", "CVE-2007-0156", "CVE-2007-0205", "CVE-2007-0151", "CVE-2007-0191", "CVE-2007-0155", "CVE-2007-0150", "CVE-2007-0112", "CVE-2007-0194", "CVE-2007-0153", "CVE-2007-0202"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2007-01-09T00:00:00", "published": "2007-01-09T00:00:00", "id": "SECURITYVULNS:VULN:7020", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7020", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}
