Vulnerability Description
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cjg Explorer Pro | Cjg Explorer Pro | <= 3.3 |
| Vincent Blavet | Phpconcept Library | All versions |
References
- http://osvdb.org/36010
- http://secunia.com/advisories/25230Vendor Advisory
- http://www.attrition.org/pipermail/vim/2007-May/001618.html
- http://www.vupen.com/english/advisories/2007/1786
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34273
- https://www.exploit-db.com/exploits/3915
- http://osvdb.org/36010
- http://secunia.com/advisories/25230Vendor Advisory
- http://www.attrition.org/pipermail/vim/2007-May/001618.html
- http://www.vupen.com/english/advisories/2007/1786
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34273
- https://www.exploit-db.com/exploits/3915
FAQ
What is CVE-2007-2660?
CVE-2007-2660 is a vulnerability with a CVSS score of 6.8 (MEDIUM). PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows r...
How severe is CVE-2007-2660?
CVE-2007-2660 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2660?
Check the references section above for vendor advisories and patch information. Affected products include: Cjg Explorer Pro Cjg Explorer Pro, Vincent Blavet Phpconcept Library.