2 results (0.002 seconds)

CVSS: 7.5EPSS: 21%CPEs: 1EXPL: 1

CVE-2007-4738 – STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2007-4738

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inclusión remota de archivos PHP en SpeedTech PHP Library (STPHPLibrary) versión 0.8.0, permiten a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro (1) db_conf o (2) ADODB_DIR en el archivo utils/stphpimage_show.php; o una URL en el parámetro STPHPLIB_DIR en el archivo (3) stphpbutton.php,(4) stphpcheckbox.php,(5) stphpcheckboxwithcaption.php,(6) stphpcheckgroup.php,(7) stphpcomponent.php,(8) stphpcontrolwithcaption.php,(9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) esptosible.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, o (34) stphpxmlelement.php, un conjunto diferente de vectores de ataque de CVE-2007-4737. NOTA: la procedencia de esta información es desconocida; los datos son obtenidos únicamente de la información de terceros. • https://www.exploit-db.com/exploits/4358 http://osvdb.org/39073 http://osvdb.org/39074 http://osvdb.org/39075 http://osvdb.org/39076 http://osvdb.org/39077 http://osvdb.org/39078 http://osvdb.org/39079 http://osvdb.org/39080 http://osvdb.org/39081 http://osvdb.org/39082 http://osvdb.org/39083 http://osvdb.org/39084 http://osvdb.org/39085 http://osvdb.org/39086 http://osvdb.org/39087 http://osvdb.org/39088 http:/ • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1

CVE-2007-4737 – STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2007-4737

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en el SpeedTech PHP Library (STPHPLibrary) 0.8.0 permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro STPHPLIB_DIR en el 1) stphpapplication.php, (2) stphpbtnimage.php o (3) stphpform.php. • https://www.exploit-db.com/exploits/4358 http://osvdb.org/38929 http://osvdb.org/38930 http://osvdb.org/38931 http://secunia.com/advisories/26658 http://www.securityfocus.com/bid/25525 http://www.vupen.com/english/advisories/2007/3092 https://exchange.xforce.ibmcloud.com/vulnerabilities/36416 • CWE-94: Improper Control of Generation of Code ('Code Injection') •