Vulnerabilities > CVE-2007-2141 - Remote PHP Code Execution vulnerability in ShoutPro Shoutbox.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | ShoutPro. CVE-2007-2141. Webapps exploit for php platform |
| file | exploits/php/webapps/3758.php |
| id | EDB-ID:3758 |
| last seen | 2016-01-31 |
| modified | 2007-04-17 |
| platform | php |
| port | |
| published | 2007-04-17 |
| reporter | Gammarays |
| source | https://www.exploit-db.com/download/3758/ |
| title | ShoutPro <= 1.5.2 shout.php Remote Code Injection Exploit |
| type | webapps |
References
- http://osvdb.org/34999
- http://secunia.com/advisories/24939
- http://securityreason.com/securityalert/2593
- http://www.securityfocus.com/archive/1/466037/100/0/threaded
- http://www.securityfocus.com/bid/23542
- http://www.vupen.com/english/advisories/2007/1432
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33727
- https://www.exploit-db.com/exploits/3758