CVE Vulnerability

CVE-2007-4169

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 1 because the applicable include_once is located in a function that is not called on a direct request, and because $dirpath is an argument to this function. CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://securityreason.com/securityalert/2963
http://osvdb.org/46803
https://exchange.xforce.ibmcloud.com/vulnerabilities/35819
http://www.securityfocus.com/archive/1/475643/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:vgallite:vgallite:*:*:*:*:*:*:*:*
Information

Published : 2007-08-07 10:17

Updated : 2018-10-15 09:33

NVD link : CVE-2007-4169

Mitre link : CVE-2007-4169

Products Affected
No products.
CWE
CWE-94