Vulnerabilities > CVE-2007-2169 - Remote Code Execution vulnerability in Mozzers SubSystem Add.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozzers-subsystem
exploit available

Summary

Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php.

Vulnerable Configurations

Part Description Count
Application
Mozzers_Subsystem
1

Exploit-Db

descriptionMozzers SubSystem final (subs.php) Remote Code Execution Vulnerability. CVE-2007-2169. Webapps exploit for php platform
fileexploits/php/webapps/3761.txt
idEDB-ID:3761
last seen2016-01-31
modified2007-04-18
platformphp
port
published2007-04-18
reporterDj7xpl
sourcehttps://www.exploit-db.com/download/3761/
titleMozzers SubSystem final subs.php Remote Code Execution Vulnerability
typewebapps