CVE-2007-1415 Information

Description

Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php, (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php.

Reference

http://advisories.echo.or.id/adv/adv68-K-159-2007.txt
http://www.osvdb.org/35101
http://www.osvdb.org/35102
http://www.osvdb.org/35103
http://www.osvdb.org/35104
http://www.osvdb.org/35105
http://www.osvdb.org/35106
http://www.osvdb.org/35107
http://www.osvdb.org/35108
http://www.osvdb.org/35109
http://www.osvdb.org/35110
http://www.osvdb.org/35111
http://www.osvdb.org/35112
http://www.osvdb.org/35113
http://www.osvdb.org/35114
http://www.osvdb.org/35115
http://www.osvdb.org/35116
http://www.osvdb.org/35117
http://www.osvdb.org/35118
http://www.osvdb.org/35119
http://www.osvdb.org/35120
http://www.osvdb.org/35121
http://www.osvdb.org/35122
http://www.osvdb.org/35123
http://www.osvdb.org/35124
http://www.osvdb.org/35125
http://www.securityfocus.com/archive/1/462452/100/0/threaded
http://www.securityfocus.com/bid/22895
http://www.vupen.com/english/advisories/2007/0917
https://exchange.xforce.ibmcloud.com/vulnerabilities/32890
https://www.exploit-db.com/exploits/3443
