Vulnerability Description
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xoops | Xoops Virii Info Module | <= 1.10 |
References
- http://osvdb.org/37429
- http://www.attrition.org/pipermail/vim/2007-April/001489.html
- http://www.attrition.org/pipermail/vim/2007-April/001490.html
- http://www.vupen.com/english/advisories/2007/1206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33368
- https://www.exploit-db.com/exploits/3642
- http://osvdb.org/37429
- http://www.attrition.org/pipermail/vim/2007-April/001489.html
- http://www.attrition.org/pipermail/vim/2007-April/001490.html
- http://www.vupen.com/english/advisories/2007/1206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33368
- https://www.exploit-db.com/exploits/3642
FAQ
What is CVE-2007-1976?
CVE-2007-1976 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] p...
How severe is CVE-2007-1976?
CVE-2007-1976 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1976?
Check the references section above for vendor advisories and patch information. Affected products include: Xoops Xoops Virii Info Module.