Published: 20/09/2007 Updated: 29/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote malicious users to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support.

Vulnerable Product	Search on Vulmon	Subscribe to Product
streamline streamline 1.0_beta4

Vulnerability Type: Remote File Inclusion Vulnerable file: /streamline-10-beta4/src/core/theme/includes/account_footerphp Exploit URL: localhost/streamline-10-beta4/src/core/theme/includes/account_footerphp?sl_theme_unix_path=localhost/shelltxt? Method: get Register_globals: On Vulnerable variable: sl_theme_unix_path Line number: ...

CWE-94 http://arfis.wordpress.com/2007/09/14/rfi-03-streamline-php-media-server/http://www.securityfocus.com/bid/25736 http://osvdb.org/38293 http://osvdb.org/38290 http://osvdb.org/38294 http://osvdb.org/38292 http://osvdb.org/38291 http://osvdb.org/38295 https://exchange.xforce.ibmcloud.com/vulnerabilities/36683 https://www.exploit-db.com/exploits/4430 https://nvd.nist.gov https://www.exploit-db.com/exploits/4430/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-5015

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect