Vulnerabilities > CVE-2007-1424 - Remote File Include vulnerability in Softnews Media Group Datalife Engine 4.1/5.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
softnews-media-group
exploit available
NVD
Published: 2007-03-13
Updated: 2018-10-16

Summary

Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Softnews_Media_Group
2

Exploit-Db

  • descriptionSoftNews 4.1/5.5 engine/Ajax/editnews.php root_dir Parameter Remote File Inclusion. CVE-2007-1424. Webapps exploit for php platform
    idEDB-ID:29731
    last seen2016-02-03
    modified2007-03-10
    published2007-03-10
    reporterHasadya Raed
    sourcehttps://www.exploit-db.com/download/29731/
    titleSoftNews 4.1/5.5 engine/Ajax/editnews.php root_dir Parameter Remote File Inclusion
  • descriptionSoftNews 4.1/5.5 engine/init.php root_dir Parameter Remote File Inclusion. CVE-2007-1424. Webapps exploit for php platform
    idEDB-ID:29730
    last seen2016-02-03
    modified2007-03-10
    published2007-03-10
    reporterHasadya Raed
    sourcehttps://www.exploit-db.com/download/29730/
    titleSoftNews 4.1/5.5 engine/init.php root_dir Parameter Remote File Inclusion

References