Vulnerabilities > CVE-2007-1635 - Remote Security vulnerability in Net Portal Dynamic System
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution. CVE-2007-1634,CVE-2007-1635. Webapps exploit for php platform |
id | EDB-ID:3505 |
last seen | 2016-01-31 |
modified | 2007-03-18 |
published | 2007-03-18 |
reporter | DarkFig |
source | https://www.exploit-db.com/download/3505/ |
title | Net Portal Dynamic System NPDS <= 5.10 - Remote Code Execution |