Vulnerabilities > CVE-2007-1372 - Remote File Include vulnerability in Postguestbook 0.6.1

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
postguestbook
critical
exploit available
NVD
Published: 2007-03-10
Updated: 2017-10-11

Summary

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.

Vulnerable Configurations

Part Description Count
Application
Postguestbook
1

Exploit-Db

descriptionPHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability. CVE-2007-1372. Webapps exploit for php platform
fileexploits/php/webapps/3423.txt
idEDB-ID:3423
last seen2016-01-31
modified2007-03-07
platformphp
port
published2007-03-07
reporterGoLd_M
sourcehttps://www.exploit-db.com/download/3423/
titlePHP-Nuke Module PostGuestbook 0.6.1 tpl_pgb_moddir RFI Vulnerability
typewebapps

References