Lucene search

[email protected]CVE-2007-4934

HistorySep 18, 2007 - 6:17 p.m.

CVE-2007-4934

2007-09-1818:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-4934

php

remote file inclusion

vulnerability

phpffl 1.24

url

nvd

7.8 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.071 Low

EPSS

Percentile

93.9%

JSON

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.

CPENameOperatorVersion
phpffl:phpfflphpffleq1.24

CPE	Name	Operator	Version
phpffl:phpffl	phpffl	eq	1.24

References

arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/

osvdb.org/37085

osvdb.org/37086

secunia.com/advisories/26812

sourceforge.net/forum/forum.php?forum_id=735906

sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531

www.securityfocus.com/bid/25667

www.vupen.com/english/advisories/2007/3176

exchange.xforce.ibmcloud.com/vulnerabilities/36606

www.exploit-db.com/exploits/4406

7.8 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.071 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2007-4934

prion2 canvas1 cve1