Vulnerabilities > CVE-2007-1439 - Remote File Include vulnerability in MySQL Commander
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. Successful exploitation requires that register_globals is enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability. CVE-2007-1439. Webapps exploit for php platform |
| file | exploits/php/webapps/3468.txt |
| id | EDB-ID:3468 |
| last seen | 2016-01-31 |
| modified | 2007-03-13 |
| platform | php |
| port | |
| published | 2007-03-13 |
| reporter | K-159 |
| source | https://www.exploit-db.com/download/3468/ |
| title | MySQL Commander <= 2.7 home Remote File Inclusion Vulnerability |
| type | webapps |
References
- http://advisories.echo.or.id/adv/adv73-K-159-2007.txt
- http://osvdb.org/34038
- http://secunia.com/advisories/24500
- http://securityreason.com/securityalert/2423
- http://www.securityfocus.com/archive/1/462685/100/0/threaded
- http://www.securityfocus.com/bid/22941
- http://www.vupen.com/english/advisories/2007/0942
- https://www.exploit-db.com/exploits/3468