Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php. NOTE: the modules/visitors2/include/config.inc.php vector is already covered by CVE-2006-4373. NOTE: vector 1 is disputed by CVE because PHP encounters a fatal instantiation error on a direct request for the file, before reaching the include statement.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Derek Leung | Pslash | 0.70 |
Related Weaknesses (CWE)
References
- http://arfis.wordpress.com/2007/09/14/rfi-03-pslash/Exploit
- http://osvdb.org/38288
- http://osvdb.org/38289
- http://arfis.wordpress.com/2007/09/14/rfi-03-pslash/Exploit
- http://osvdb.org/38288
- http://osvdb.org/38289
FAQ
What is CVE-2007-5014?
CVE-2007-5014 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-arch...
How severe is CVE-2007-5014?
CVE-2007-5014 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5014?
Check the references section above for vendor advisories and patch information. Affected products include: Derek Leung Pslash.