Basic search

K
cveCve@mitre.orgCVE-2007-0167
HistoryJan 10, 2007 - 1:28 a.m.

CVE-2007-0167

2007-01-1001:28:00
NVD-CWE-Other
cve@mitre.org
web.nvd.nist.gov
20
cve-2007-0167
php
file inclusion
vulnerabilities
wgs-ppc
ppc search engine
remote code execution

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.29 Low

EPSS

Percentile

96.8%

Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.29 Low

EPSS

Percentile

96.8%

Related for CVE-2007-0167