CVE-2007-2199

Published Apr 24, 2007

Last updated 6 years ago

CVSS info 6.8

Overview

Description: PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFD7168-2109-4E5D-AFA4-CA1629FA5FB6"
          },
          {
            "criteria": "cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D548B3C9-483F-492C-A6BB-694B7217FEE8"
          },
          {
            "criteria": "cpe:2.3:a:nx:n_x_wcms:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9EF055B-8A9E-4EFB-A0E0-EB1C8400080B"
          },
          {
            "criteria": "cpe:2.3:a:phpsitebackup:phpsitebackup:0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "348884F6-BB44-4BAF-95AD-63A86C175B01"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References