CVE-2007-2660
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
** IMPUGNADO ** Vulnerabilidad de inclusión remota de archivo en PHP en pcltrace.lib.php en el módulo PclTar en Vincent Blavet PhpConcept Library, según utilizado en CJG EXPLORER PRO 3.3 y anteriores y posiblemente otros productos, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro g_pcltar_lib_dir. NOTA: CVE impugna este asunto puesto que no hay ninguna declaración en pcltrace.lib.ph. NOTA: el vector pcltar.lib.php está actualmente cubierto por CVE-2007-2199.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-05-14 CVE Reserved
- 2007-05-14 CVE Published
- 2024-04-24 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://osvdb.org/36010 | Vdb Entry | |
http://www.attrition.org/pipermail/vim/2007-May/001618.html | Mailing List | |
http://www.vupen.com/english/advisories/2007/1786 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34273 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/3915 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/25230 | 2024-05-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cjg Explorer Pro Search vendor "Cjg Explorer Pro" | Cjg Explorer Pro Search vendor "Cjg Explorer Pro" for product "Cjg Explorer Pro" | <= 3.3 Search vendor "Cjg Explorer Pro" for product "Cjg Explorer Pro" and version " <= 3.3" | - |
Affected
| ||||||
Vincent Blavet Search vendor "Vincent Blavet" | Phpconcept Library Search vendor "Vincent Blavet" for product "Phpconcept Library" | * | - |
Affected
|