CVE-2007-2660
Published May 14, 2007
Last updated 3 months ago
Overview
- Description
- PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- -
- Impact
- Successful exploitation requires that "register_globals" is enabled.
- Solution
- Successful exploitation requires that "register_globals" is enabled.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6940066-C9C1-4407-B923-E8F89AC26711",
"versionEndIncluding": "3.3"
},
{
"criteria": "cpe:2.3:a:vincent_blavet:phpconcept_library:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "947C7344-2725-46E4-891F-4A2B0510764C"
}
],
"operator": "OR"
}
]
}
]