CVE-2007-2097 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php (4) articlepages.php (5) articles.php (6) articleform.php (7) articlesections.php (8) createArticlesPage.php (9) guestbook.php (10) helpguide.php (11) helpguideeditor.php (12) links.php (13) upload.php (14) sitestatistics.php (15) nav.php (16) tpl_upload.php (17) linksections or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. NOTE: this issue is disputed by a third party who states that $includes_path is defined before use.

Reference

http://attrition.org/pipermail/vim/2007-April/001528.html http://securityreason.com/securityalert/2573 http://www.osvdb.org/34148 http://www.securityfocus.com/archive/1/465734/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33668