CVE-2007-1957 - Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain

CVE-2007-1957

Summary

Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.

References

http://osvdb.org/35290
http://securityreason.com/securityalert/2543
http://www.securityfocus.com/archive/1/465083/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:guernion_sylvain_portail:web_php:*:*:*:*:*:*:*:*
cpe:2.3:a:guernion_sylvain_portail:web_php:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20070408 Gsylvain35 Portail Web Remote File Include Vulnerabilities
osvdb	35290
sreason	2543

Last major update

16-10-2018 - 16:41

Published

11-04-2007 - 01:19

Last modified

16-10-2018 - 16:41