CVE-2007-2156 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/.

Reference

http://osvdb.org/35006
http://osvdb.org/35007
http://osvdb.org/35008
http://osvdb.org/35009
http://osvdb.org/35010
http://osvdb.org/35011
http://osvdb.org/35012
http://osvdb.org/35013
http://secunia.com/advisories/24926
http://www.securityfocus.com/bid/23550
http://www.vupen.com/english/advisories/2007/1448
https://exchange.xforce.ibmcloud.com/vulnerabilities/33737
https://www.exploit-db.com/exploits/3763
