Vulnerability Description
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lms | Lan Management System | <= 1.6.9 |
References
- http://osvdb.org/36194
- http://www.securityfocus.com/bid/24578
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34959
- https://www.exploit-db.com/exploits/4086
- http://osvdb.org/36194
- http://www.securityfocus.com/bid/24578
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34959
- https://www.exploit-db.com/exploits/4086
FAQ
What is CVE-2007-3325?
CVE-2007-3325 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, ...
How severe is CVE-2007-3325?
CVE-2007-3325 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3325?
Check the references section above for vendor advisories and patch information. Affected products include: Lms Lan Management System.