Vulnerabilities > CVE-2007-2326 - Unspecified vulnerability in Goldcoders Hyip Manager PRO
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN goldcoders
exploit available
Summary
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | HYIP Manager Pro Multiple Remote File Include Vulnerabilities. CVE-2007-2326. Webapps exploit for php platform |
| id | EDB-ID:29909 |
| last seen | 2016-02-03 |
| modified | 2007-04-25 |
| published | 2007-04-25 |
| reporter | alijsb |
| source | https://www.exploit-db.com/download/29909/ |
| title | HYIP Manager Pro Multiple Remote File Include Vulnerabilities |
References
- http://securityreason.com/securityalert/2634
- http://securityreason.com/securityalert/2634
- http://www.securityfocus.com/archive/1/466837/100/0/threaded
- http://www.securityfocus.com/archive/1/466837/100/0/threaded
- http://www.securityfocus.com/bid/23663
- http://www.securityfocus.com/bid/23663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33882
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33882