Vulnerabilities > CVE-2007-0172 - Unspecified vulnerability in Allmyguests Project Allmyguests 0.1.2/0.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

allmyguests-project

exploit available

NVD

Published: 2007-01-11

Updated: 2024-04-23

Summary

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

Vulnerable Configurations

Part	Description	Count
Application	Allmyguests_Project Allmyguests Project Allmyguests 0.1.2 Allmyguests Project Allmyguests 0.3	2

Exploit-Db

description	AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities. CVE-2007-0172. Webapps exploit for php platform
file	exploits/php/webapps/3093.txt
id	EDB-ID:3093
last seen	2016-01-31
modified	2007-01-07
platform	php
port
published	2007-01-07
reporter	beks
source	https://www.exploit-db.com/download/3093/
title	AllMyGuests <= 0.3.0 AMG_serverpath Remote Inclusion Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References