2 matches found
Postguestbook CONF_CONFIG_PATH Parameter PHP Code Execution - Ver2 (CVE-2007-1372)
A code execution vulnerability has been reported in Postguestbook. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2007-1372
CVE-2007-1372 is a PHP remote file inclusion vulnerability in the PostGuestbook 0.6.1 module for PHP-Nuke. The underlying issue is an insecure handling of the tpl_pgb_moddir parameter in styles/internal/header.php, allowing an attacker to supply a URL and remotely execute arbitrary PHP code. The ...