CVE-2007-4744

2007-09-0622:00:00

mitre

www.cve.org

7.5 High

AI Score

Confidence

High

0.153 Low

EPSS

Percentile

95.9%

JSON

PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.

References

secunia.com/advisories/26696

www.osvdb.org/36846

www.securityfocus.com/bid/25550

exchange.xforce.ibmcloud.com/vulnerabilities/36436

www.exploit-db.com/exploits/4365