CVE-2007-3228 - Remote File Include vulnerability in Simian Systems INC Sitellite CMS 4.2.12

047910
CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
simian-systems-inc
exploit available

Summary

PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess.

Vulnerable Configurations

Part | Description | Count
Application | Simian_Systems_Inc | 1

D2sec

name: phpDocumentor 1.3 RC4 RFI
url: http://www.d2sec.com/exploits/phpdocumentor_1.3_rc4_rfi.html

Exploit-Db

description: Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability. CVE-2007-3228. Webapps exploit for php platform
file: exploits/php/webapps/4071.txt
id: EDB-ID:4071
last seen: 2016-01-31
modified: 2007-06-14
platform: php
port:
published: 2007-06-14
reporter: o0xxdark0o
source: https://www.exploit-db.com/download/4071/
title: Sitellite CMS <= 4.2.12 559668.php Remote File Inclusion Vulnerability
type: webapps