CVE-2007-5631

Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.
Configurations

Configuration 1

cpe:2.3:a:peopleaggregator:peopleaggregator:1.2pre6:*:*:*:*:*:*:*

Information

Published : 2007-10-23 05:46

Updated : 2018-10-15 09:45


NVD link : CVE-2007-5631

Mitre link : CVE-2007-5631

Products Affected
No products.
CWE