Vulnerability Description
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Butterfly | Butterfly | 1.08 |
References
- http://osvdb.org/38327
- http://securityvulns.com/Rdocument845.htmlExploit
- http://securityvulns.com/source26994.html
- http://www.securityfocus.com/archive/1/477253/100/0/threaded
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36147
- http://osvdb.org/38327
- http://securityvulns.com/Rdocument845.htmlExploit
- http://securityvulns.com/source26994.html
- http://www.securityfocus.com/archive/1/477253/100/0/threaded
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36147
FAQ
What is CVE-2007-4485?
CVE-2007-4485 is a vulnerability with a CVSS score of 6.8 (MEDIUM). PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote ...
How severe is CVE-2007-4485?
CVE-2007-4485 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4485?
Check the references section above for vendor advisories and patch information. Affected products include: Butterfly Butterfly.