Vulnerability Description
PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xoops | Wiwimod Module | 0.4 |
References
- http://osvdb.org/38473
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34951
- https://www.exploit-db.com/exploits/4084
- http://osvdb.org/38473
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34951
- https://www.exploit-db.com/exploits/4084
FAQ
What is CVE-2007-3289?
CVE-2007-3289 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. ...
How severe is CVE-2007-3289?
CVE-2007-3289 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3289?
Check the references section above for vendor advisories and patch information. Affected products include: Xoops Wiwimod Module.