Vulnerabilities > CVE-2007-0787 - Local File Include vulnerability in Simple Invoices Simple Invoices 20070202

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

simple-invoices

NVD

Published: 2007-02-06

Updated: 2017-07-29

Summary

PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information. Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled.

Vulnerable Configurations

Part	Description	Count
Application	Simple_Invoices Simple Invoices Simple Invoices 2007-02-02	1

References

http://osvdb.org/31796
http://secunia.com/advisories/24040
http://www.securityfocus.com/bid/22389
http://www.simpleinvoices.org/index.php?news=25
http://www.vupen.com/english/advisories/2007/0481
https://exchange.xforce.ibmcloud.com/vulnerabilities/32207