CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-4606 – PHPNuke-Clan 4.2.0 - 'mvcw_conver.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4606
31 Aug 2007 — PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself. Vulnerabilidad de inclusión remota de archivo en PHP en el convert/mvcw_conver.php del módulo Virtual War (VWar) para el PHPNuke-Clan (PNC) 4.2.0 y versiones anterior... • https://www.exploit-db.com/exploits/4333 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-1602
https://notcve.org/view.php?id=CVE-2006-1602
04 Apr 2006 — PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear. Vulnerabilidad de inclusión de fichero PHP remoto en includes/funcions_common.php en el módulo VWar Account (vWar_Account) en PHPNuke Clan 3.0.1 permite a atacantes remotos incluir fichero... • http://secunia.com/advisories/19501 •