Vulnerabilities > CVE-2007-2201 - Remote File Include vulnerability in Post Revolution Post Revolution 6.6/7.0Rc2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Post Revolution <= 0.7.0 RC 2 (dir) Remote File Inclusion Vulnerability. CVE-2007-2201. Webapps exploit for php platform |
| file | exploits/php/webapps/3785.txt |
| id | EDB-ID:3785 |
| last seen | 2016-01-31 |
| modified | 2007-04-23 |
| platform | php |
| port | |
| published | 2007-04-23 |
| reporter | InyeXion |
| source | https://www.exploit-db.com/download/3785/ |
| title | Post Revolution <= 0.7.0 RC 2 dir Remote File Inclusion Vulnerability |
| type | webapps |
References
- http://osvdb.org/35317
- http://osvdb.org/35318
- http://secunia.com/advisories/24971
- http://securityreason.com/securityalert/2653
- http://www.securityfocus.com/archive/1/466707/100/0/threaded
- http://www.securityfocus.com/bid/23607
- http://www.vupen.com/english/advisories/2007/1513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33825
- https://www.exploit-db.com/exploits/3785