CVE-2007-5641 Information
Description
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.
Reference
http://osvdb.org/41905
http://osvdb.org/41906
http://osvdb.org/41907
http://osvdb.org/41908
http://osvdb.org/41909
http://osvdb.org/41910
http://osvdb.org/41912
http://osvdb.org/41913
http://osvdb.org/41914
http://osvdb.org/41917
http://osvdb.org/41918
http://osvdb.org/41920
http://osvdb.org/41925
http://osvdb.org/41927
http://osvdb.org/41928
http://osvdb.org/41931
http://osvdb.org/41934
http://osvdb.org/41957
http://osvdb.org/41975
http://secunia.com/advisories/27347
http://www.securityfocus.com/bid/26150
https://exchange.xforce.ibmcloud.com/vulnerabilities/37347
https://www.exploit-db.com/exploits/4549