CVE-2007-3085 Information
Description
Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php (b) ucp.php (c) setcookie.php (d) sendpm.php (e) search.php (f) register.php (g) profile.php (h) post.php (i) pmpshow.php (j) pm.php (k) ntopic.php (l) nreply.php (m) news.php (n) memberslist.php (o) logout.php (p) login.php (q) index.php (r) help.php (s) forum.php (t) error.php (u) editpost.php (v) delpost.php (w) delpm.php (x) confirm.php (y) board.php (z) admin2.php (aa) admin.php or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php (c) setcookie.php (e) search.php (f) register.php (h) post.php (l) nreply.php (m) news.php (o) logout.php (p) login.php (q) index.php (r) help.php (s) forum.php (t) error.php (w) delpm.php (x) confirm.php or (y) board.php.
Reference
http://osvdb.org/38759 http://osvdb.org/38760 http://osvdb.org/38761 http://osvdb.org/38762 http://osvdb.org/38763 http://osvdb.org/38764 http://osvdb.org/38765 http://osvdb.org/38766 http://osvdb.org/38767 http://osvdb.org/38768 http://osvdb.org/38769 http://osvdb.org/38770 http://osvdb.org/38771 http://osvdb.org/38772 http://osvdb.org/38773 http://osvdb.org/38774 http://osvdb.org/38775 http://osvdb.org/38776 http://osvdb.org/38777 http://osvdb.org/38778 http://osvdb.org/38779 http://osvdb.org/38780 http://osvdb.org/38781 http://osvdb.org/38782 http://osvdb.org/38783 http://osvdb.org/38784 http://osvdb.org/38785 http://osvdb.org/38786 http://securityreason.com/securityalert/2777 http://www.securityfocus.com/archive/1/470239/100/0/threaded http://www.securityfocus.com/archive/1/470347/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34675
Share on: