Vulnerabilities > CVE-2007-1620 - Remote Security vulnerability in Php Db Designer

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

php-db-designer

critical

exploit available

NVD

Published: 2007-03-23

Updated: 2017-10-11

Summary

Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php.

Vulnerable Configurations

Part	Description	Count
Application	Php_Db_Designer PHP DB Designer PHP DB Designer *	1

Exploit-Db

description	PHP DB Designer <= 1.02 Remote File Include Vulnerabilities. CVE-2007-1620. Webapps exploit for php platform
file	exploits/php/webapps/3501.txt
id	EDB-ID:3501
last seen	2016-01-31
modified	2007-03-16
platform	php
port
published	2007-03-16
reporter	GoLd_M
source	https://www.exploit-db.com/download/3501/
title	PHP DB Designer <= 1.02 - Remote File Include Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References