PHP Remote File Inclusion Vulnerabilities in phpWCMS XT by phpwcms
CVE-2007-5185

Currently unrated

Key Information:

Vendor

PHPwcms-xt

Status
PHPwcms-xt
Vendor
CVE Published:
3 October 2007

What is CVE-2007-5185?

phpWCMS XT contains multiple vulnerabilities that enable remote attackers to exploit PHP remote file inclusion by manipulating the HTML_MENU_DirPath parameter. This flaw, present in certain scripts of the template's navigation configuration, permits the execution of arbitrary PHP code, potentially compromising the integrity and security of the affected web applications.

References

http://osvdb.org/38591
vdb-entryx_refsource_OSVDB
https://www.exploit-db.com/exploits/4477
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/25879
vdb-entryx_refsource_BID

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.