Remote File Inclusion Vulnerability in BlooFoxCMS by BlooFox
CVE-2007-2311

Currently unrated

Key Information:

Vendor: Bloofoxcms
Status: Bloofoxcms
Vendor: CVE Published:; 26 April 2007

What is CVE-2007-2311?

BlooFoxCMS 0.2.2 contains a PHP remote file inclusion flaw in the install/index.php file, which may allow an attacker to execute arbitrary PHP code by injecting a malicious URL into the content_php parameter. While there are disputes regarding the initialization of content_php before use, the potential for exploitation underscores the need for users to be aware of this vulnerability and ensure their installations are secured against unauthorized access.

References

http://www.securityfocus.com/archive/1/465739/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.attrition.org/pipermail/vim/2007-April/001526....

mailing-listx_refsource_VIM

http://securityreason.com/securityalert/2641

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Apr 26, 2007
Vulnerability Reserved
Apr 26, 2007

JSON

Bloofoxcms

What is CVE-2007-2311?

References

Timeline