CVE-2007-2142 Information

Description

Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php (2) connection.inc.php (3) events.inc.php (4) footer.inc.php (5) header.inc.php (6) menuleft.inc.php or (7) pages.inc.php in includes/.

Reference

http://osvdb.org/37565 http://osvdb.org/37566 http://osvdb.org/37567 http://osvdb.org/37568 http://osvdb.org/37569 http://osvdb.org/37570 http://osvdb.org/37571 http://www.securityfocus.com/bid/23525 http://www.vupen.com/english/advisories/2007/1428 https://exchange.xforce.ibmcloud.com/vulnerabilities/33703 https://www.exploit-db.com/exploits/3752