CVE-2007-4738 Information

Feb 14, 2021 cve

Description

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php (4) stphpcheckbox.php (5) stphpcheckboxwithcaption.php (6) stphpcheckgroup.php (7) stphpcomponent.php (8) stphpcontrolwithcaption.php (9) stphpedit.php (10) stphpeditwithcaption.php (11) stphphr.php (12) stphpimage.php (13) stphpimagewithcaption.php (14) stphplabel.php (15) stphplistbox.php (16) stphplistboxwithcaption.php (17) stphplocale.php (18) stphppanel.php (19) stphpradiobutton.php (20) stphpradiobuttonwithcaption.php (21) stphpradiogroup.php (22) stphprichbutton.php (23) stphpspacer.php (24) stphptable.php (25) stphptablecell.php (26) stphptablerow.php (27) stphptabpanel.php (28) stphptabtitle.php (29) stphptextarea.php (30) stphptextareawithcaption.php (31) stphptoolbar.php (32) stphpwindow.php (33) stphpxmldoc.php or (34) stphpxmlelement.php a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

Share on: