Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webmedia Explorer | Webmedia Explorer | 3.2.2 |
Related Weaknesses (CWE)
References
- http://arfis.wordpress.com/2007/09/14/rfi-03-webmedia-explorer/
- http://osvdb.org/43140
- http://osvdb.org/43141
- http://osvdb.org/43142
- http://osvdb.org/43143
- http://arfis.wordpress.com/2007/09/14/rfi-03-webmedia-explorer/
- http://osvdb.org/43140
- http://osvdb.org/43141
- http://osvdb.org/43142
- http://osvdb.org/43143
FAQ
What is CVE-2007-4948?
CVE-2007-4948 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss....
How severe is CVE-2007-4948?
CVE-2007-4948 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4948?
Check the references section above for vendor advisories and patch information. Affected products include: Webmedia Explorer Webmedia Explorer.