Vulnerabilities > CVE-2007-1018 - Remote Security vulnerability in VS-News-System

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

virtualsystem

critical

NVD

Published: 2007-02-21

Updated: 2008-11-15

Summary

PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Virtualsystem Virtualsystem VS News System *	1

References

http://osvdb.org/33248
http://secunia.com/advisories/24220