Vulnerabilities > CVE-2007-0561 - Remote File Include vulnerability in Xero Portal Xero Portal 1.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xero-portal
exploit available
NVD
Published: 2007-01-30
Updated: 2018-10-16

Summary

Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.

Vulnerable Configurations

Part Description Count
Application
Xero_Portal
1

Exploit-Db

descriptionXero Portal (phpbb_root_path) Remote File Include Vulnerablity. CVE-2007-0561. Webapps exploit for php platform
fileexploits/php/webapps/3192.pl
idEDB-ID:3192
last seen2016-01-31
modified2007-01-24
platformphp
port
published2007-01-24
reporterMehmet Ince
sourcehttps://www.exploit-db.com/download/3192/
titleXero Portal phpbb_root_path Remote File Include Vulnerablity
typewebapps

References