Published: 13/03/2007 Updated: 16/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote malicious users to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
softnews media group datalife engine 4.1
softnews media group datalife engine 5.5

source: wwwsecurityfocuscom/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process This may allow the attacker to compromise the application and t ...

source: wwwsecurityfocuscom/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process This may allow the attacker to compromise the application and ...

NVD-CWE-Other http://www.securityfocus.com/bid/22913 http://securityreason.com/securityalert/2411 http://osvdb.org/35712 http://www.securityfocus.com/archive/1/462445/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29730/

CVE-2007-1424

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect