Vulnerabilities > CVE-2007-1635 - Remote Security vulnerability in Net Portal Dynamic System

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
net-portal-dynamic-system
critical
exploit available
NVD
Published: 2007-03-23
Updated: 2018-10-16

Summary

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.

Vulnerable Configurations

Part Description Count
Application
Net_Portal_Dynamic_System
1

Exploit-Db

descriptionNet Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution. CVE-2007-1634,CVE-2007-1635. Webapps exploit for php platform
idEDB-ID:3505
last seen2016-01-31
modified2007-03-18
published2007-03-18
reporterDarkFig
sourcehttps://www.exploit-db.com/download/3505/
titleNet Portal Dynamic System NPDS <= 5.10 - Remote Code Execution

References