Published: 13/03/2007 Updated: 19/10/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
work system e-commerce work system e-commerce 3.0.4
work system e-commerce work system e-commerce 3.0.41
work system e-commerce work system e-commerce 3.0.5
work system e-commerce work system e-commerce 3.0.3

##################################################################################### Rodrigo Duarte Wuefez[AT]2die4com ;D WORK system e-commerce: WORK PHP,Mysql content management system CMS e-commerce or not : ajax, workflow, content,package,language,currency,country,price,stock,group user,CSS,banner,logo, link,partner,forum,new,FAQ,event,cale ...

NVD-CWE-Other http://www.securityfocus.com/bid/22908 http://secunia.com/advisories/24476 http://osvdb.org/33973 http://www.vupen.com/english/advisories/2007/0903 https://www.exploit-db.com/exploits/3448 https://nvd.nist.gov https://www.exploit-db.com/exploits/3448/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1423

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect