Lucene search

[email protected]CVE-2007-4935

HistorySep 18, 2007 - 6:17 p.m.

CVE-2007-4935

2007-09-1818:17:00

CWE-94

[email protected]

web.nvd.nist.gov

php

remote file inclusion

security vulnerability

phpffl 1.24

cve-2007-4935

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php. NOTE: the program_files/livedraft/admin.php and program_files/livedraft/livedraft.php vectors are covered by CVE-2007-4934.

CPENameOperatorVersion
phpffl:phpfflphpffleq1.24

CPE	Name	Operator	Version
phpffl:phpffl	phpffl	eq	1.24

References

arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/

osvdb.org/39650

osvdb.org/39651

osvdb.org/39652

osvdb.org/39653

osvdb.org/39654

osvdb.org/39655

osvdb.org/39656

osvdb.org/39657

osvdb.org/39658

osvdb.org/39659

osvdb.org/39660

secunia.com/advisories/26812

sourceforge.net/forum/forum.php?forum_id=735906

sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531

www.vupen.com/english/advisories/2007/3176

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2007-4935

prion2 cve1 canvas1