Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2007-3217

Published: 14/06/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 810
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Prototype Of An Php Application

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote malicious users to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prototype of an php application prototype of an php application 0.1

Exploits

Exploit DB: Prototype of an PHP Application 0.1 - 'param.inc.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the ...
Exploit DB: Prototype of an PHP Application 0.1 - '/ident/disconnect.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context o ...
Exploit DB: Prototype of an PHP Application 0.1 - 'common.inc.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code ...
Exploit DB: Prototype of an PHP Application 0.1 - '/ident/ident.inc.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the con ...
Exploit DB: Prototype of an PHP Application 0.1 - '/ident/loginliste.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context ...
Exploit DB: Prototype of an PHP Application 0.1 - '/menu/menuprincipal.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the c ...
Exploit DB: Prototype of an PHP Application 0.1 - '/gestion/index.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of th ...
Exploit DB: Prototype of an PHP Application 0.1 - '/plugins/PHPgacl/index.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in t ...
Exploit DB: Prototype of an PHP Application 0.1 - '/ident/loginmodif.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the conte ...
Exploit DB: Prototype of an PHP Application 0.1 - 'index.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in ...
Exploit DB: Prototype of an PHP Application 0.1 - '/ident/index.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the con ...
Exploit DB: Prototype of an PHP Application 0.1 - '/ident/identification.php?path_inc' Remote File Inclusion
source: wwwsecurityfocuscom/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/24266http://securityreason.com/securityalert/2812http://osvdb.org/37152http://osvdb.org/37161http://osvdb.org/37151http://osvdb.org/37155http://osvdb.org/37159http://osvdb.org/37153http://osvdb.org/37158http://osvdb.org/37157http://osvdb.org/37160http://osvdb.org/37154http://osvdb.org/37149http://osvdb.org/37156http://osvdb.org/37150https://exchange.xforce.ibmcloud.com/vulnerabilities/34679http://www.securityfocus.com/archive/1/470245/100/100/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/30126/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook