Vulnerabilities > CVE-2007-3228 - Remote File Include vulnerability in Simian Systems INC Sitellite CMS 4.2.12
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
D2sec
name | phpDocumentor 1.3 RC4 RFI |
url | http://www.d2sec.com/exploits/phpdocumentor_1.3_rc4_rfi.html |
Exploit-Db
description | Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability. CVE-2007-3228. Webapps exploit for php platform |
file | exploits/php/webapps/4071.txt |
id | EDB-ID:4071 |
last seen | 2016-01-31 |
modified | 2007-06-14 |
platform | php |
port | |
published | 2007-06-14 |
reporter | o0xxdark0o |
source | https://www.exploit-db.com/download/4071/ |
title | Sitellite CMS <= 4.2.12 559668.php Remote File Inclusion Vulnerability |
type | webapps |
References
- http://osvdb.org/36816
- http://www.attrition.org/pipermail/vim/2007-June/001658.html
- http://www.attrition.org/pipermail/vim/2007-June/001659.html
- http://www.securityfocus.com/archive/1/471540/100/0/threaded
- http://www.securityfocus.com/archive/1/471721/100/0/threaded
- http://www.securityfocus.com/bid/24474
- http://www.vupen.com/english/advisories/2007/2207
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34860
- https://www.exploit-db.com/exploits/4071