PHP Remote File Inclusion Vulnerabilities in phpXmms 1.0 by phpXmms
CVE-2007-1053

Currently unrated

Key Information:

Vendor: Warped Systems
Status: PHPxmms
Vendor: CVE Published:; 21 February 2007

🔔 Create Warped Systems Vulnerability Alert

What is CVE-2007-1053?

Multiple remote file inclusion vulnerabilities exist in phpXmms 1.0, allowing remote attackers to execute arbitrary PHP code through a manipulated URL in the 'tcmdp' parameter. Attackers target specific scripts (phpxmmsb.php and phpxmmst.php) to exploit these vulnerabilities. However, it should be noted that the initialization of the 'tcmdp' variable is asserted to be secure by a third-party source, leading to some dispute concerning this vulnerability.

References

http://attrition.org/pipermail/vim/2007-February/001365.html

mailing-listx_refsource_VIM

http://securityreason.com/securityalert/2273

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/460618/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 21, 2007
Vulnerability Reserved
Feb 21, 2007

JSON