Vulnerabilities > CVE-2007-1976 - Unspecified vulnerability in Xoops Virii Info Module

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

xoops

exploit available

NVD

Published: 2007-04-12

Updated: 2024-04-11

Summary

PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack

Vulnerable Configurations

Part	Description	Count
Application	Xoops Xoops Xoops Virii Info Module *	1

Exploit-Db

id	EDB-ID:3642

References

http://www.attrition.org/pipermail/vim/2007-April/001489.html
http://www.attrition.org/pipermail/vim/2007-April/001490.html
http://osvdb.org/37429
http://www.vupen.com/english/advisories/2007/1206
https://exchange.xforce.ibmcloud.com/vulnerabilities/33368
https://www.exploit-db.com/exploits/3642