Vulnerabilities > CVE-2007-1935 - Remote Security vulnerability in Scar4U.De Scaradcontroller 1.1

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

scar4u-de

exploit available

NVD

Published: 2007-04-10

Updated: 2017-10-11

Summary

PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function.

Vulnerable Configurations

Part	Description	Count
Application	Scar4U.De Scar4U.De Scaradcontroller 1.1	1

Exploit-Db

id	EDB-ID:3682

References

http://osvdb.org/37403
https://www.exploit-db.com/exploits/3682