3 matches found
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 SERWEBconfigdir parameter to loadlang.php, 2 SERWEBfunctionsdir parameter to mainprepend.php, and the 3 PHPLIBlibdir parameter to...
Immunity Canvas: SERWEB_INCLUDE
Name| serwebinclude ---|--- CVE| CVE-2007-3358 Exploit Pack| CANVAS Description| SerWeb Include Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: iptel.org CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3358 CVE Name: CVE-2007-3358...
CVE-2007-3358
The CVE-2007-3358 entry affects SerWeb 0.9.6 and earlier, with a PHP remote file inclusion vulnerability in html/load_lang.php. The underlying flaw is that the _SERWEB[serwebdir] parameter can be used to supply a URL, allowing an attacker to execute arbitrary PHP code remotely. Connected sources ...