Vulnerabilities > CVE-2007-1986 - Remote File Include vulnerability in Barnraiser Aroundme 0.7.7

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
barnraiser
exploit available
NVD
Published: 2007-04-12
Updated: 2017-10-11

Summary

Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.

Vulnerable Configurations

Part Description Count
Application
Barnraiser
1

Exploit-Db

descriptionAROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities. CVE-2007-1986. Webapps exploit for php platform
fileexploits/php/webapps/3659.txt
idEDB-ID:3659
last seen2016-01-31
modified2007-04-04
platformphp
port
published2007-04-04
reporterkezzap66345
sourcehttps://www.exploit-db.com/download/3659/
titleAROUNDMe 0.7.7 - Multiple Remote File Inclusion Vulnerabilities
typewebapps

References