Vulnerabilities > CVE-2007-3228 - Unspecified vulnerability in Simian Systems INC Sitellite CMS 4.2.12
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN simian-systems-inc
exploit available
Summary
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
D2sec
| name | phpDocumentor 1.3 RC4 RFI |
| url | http://www.d2sec.com/exploits/phpdocumentor_1.3_rc4_rfi.html |
Exploit-Db
| description | Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability. CVE-2007-3228. Webapps exploit for php platform |
| file | exploits/php/webapps/4071.txt |
| id | EDB-ID:4071 |
| last seen | 2016-01-31 |
| modified | 2007-06-14 |
| platform | php |
| port | |
| published | 2007-06-14 |
| reporter | o0xxdark0o |
| source | https://www.exploit-db.com/download/4071/ |
| title | Sitellite CMS <= 4.2.12 559668.php Remote File Inclusion Vulnerability |
| type | webapps |
References
- http://osvdb.org/36816
- http://osvdb.org/36816
- http://www.attrition.org/pipermail/vim/2007-June/001658.html
- http://www.attrition.org/pipermail/vim/2007-June/001658.html
- http://www.attrition.org/pipermail/vim/2007-June/001659.html
- http://www.attrition.org/pipermail/vim/2007-June/001659.html
- http://www.securityfocus.com/archive/1/471540/100/0/threaded
- http://www.securityfocus.com/archive/1/471540/100/0/threaded
- http://www.securityfocus.com/archive/1/471721/100/0/threaded
- http://www.securityfocus.com/archive/1/471721/100/0/threaded
- http://www.securityfocus.com/bid/24474
- http://www.securityfocus.com/bid/24474
- http://www.vupen.com/english/advisories/2007/2207
- http://www.vupen.com/english/advisories/2007/2207
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34860
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34860
- https://www.exploit-db.com/exploits/4071
- https://www.exploit-db.com/exploits/4071