Vulnerabilities > CVE-2007-1766 - Remote File Include vulnerability in MsxStudios Advanced Login ProfileEdit.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability. CVE-2007-1766. Webapps exploit for php platform |
| file | exploits/php/webapps/3608.txt |
| id | EDB-ID:3608 |
| last seen | 2016-01-31 |
| modified | 2007-03-29 |
| platform | php |
| port | |
| published | 2007-03-29 |
| reporter | Bithedz |
| source | https://www.exploit-db.com/download/3608/ |
| title | Advanced Login <= 0.7 root Remote File Inclusion Vulnerability |
| type | webapps |
References
- http://osvdb.org/34587
- http://secunia.com/advisories/24695
- http://securityreason.com/securityalert/2508
- http://www.securityfocus.com/archive/1/464147/100/0/threaded
- http://www.securityfocus.com/bid/23197
- http://www.vupen.com/english/advisories/2007/1179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33321
- https://www.exploit-db.com/exploits/3608