CVE Vulnerability

CVE-2007-1052

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://attrition.org/pipermail/vim/2007-February/001356.html
http://securityreason.com/securityalert/2269
http://osvdb.org/33737
http://www.securityfocus.com/archive/1/460315/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:pblang:pblang:*:*:*:*:*:*:*:*
Information

Published : 2007-02-21 11:28

Updated : 2018-10-16 04:36

NVD link : CVE-2007-1052

Mitre link : CVE-2007-1052

Products Affected
No products.
CWE
NVD-CWE-Other