Vulnerabilities > CVE-2007-1628 - Remote File Include vulnerability in Studiewijzer 0.13/0.14/0.15
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | Study planner (Studiewijzer) <= 0.15 Remote File Inclusion Vulnerability. CVE-2007-1628. Webapps exploit for php platform |
| file | exploits/php/webapps/3532.txt |
| id | EDB-ID:3532 |
| last seen | 2016-01-31 |
| modified | 2007-03-21 |
| platform | php |
| port | |
| published | 2007-03-21 |
| reporter | K-159 |
| source | https://www.exploit-db.com/download/3532/ |
| title | study planner studiewijzer <= 0.15 - Remote File Inclusion Vulnerability |
| type | webapps |
References
- http://advisories.echo.or.id/adv/adv77-K-159-2007.txt
- http://www.securityfocus.com/archive/1/463491/100/0/threaded
- http://www.securityfocus.com/bid/23076
- http://www.vupen.com/english/advisories/2007/1069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33128
- https://www.exploit-db.com/exploits/3532