Vulnerabilities > CVE-2007-2677 - Remote File Include vulnerability in PHPchess 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpChess Community Edition 2.0 Multiple RFI Vulnerabilities. CVE-2007-2677. Webapps exploit for php platform |
| file | exploits/php/webapps/3837.txt |
| id | EDB-ID:3837 |
| last seen | 2016-01-31 |
| modified | 2007-05-03 |
| platform | php |
| port | |
| published | 2007-05-03 |
| reporter | GoLd_M |
| source | https://www.exploit-db.com/download/3837/ |
| title | phpChess Community Edition 2.0 - Multiple RFI Vulnerabilities |
| type | webapps |
References
- http://attrition.org/pipermail/vim/2007-May/001586.html
- http://osvdb.org/35592
- http://osvdb.org/35593
- http://osvdb.org/35594
- http://osvdb.org/35595
- http://secunia.com/advisories/25147
- http://www.securityfocus.com/bid/23797
- http://www.vupen.com/english/advisories/2007/1649
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34056
- https://www.exploit-db.com/exploits/3837