- Description
- PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Successful exploitation requires that "register_globals" is enabled.
- Solution
- Successful exploitation requires that "register_globals" is enabled.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6940066-C9C1-4407-B923-E8F89AC26711",
"versionEndIncluding": "3.3"
},
{
"criteria": "cpe:2.3:a:vincent_blavet:phpconcept_library:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "947C7344-2725-46E4-891F-4A2B0510764C"
}
],
"operator": "OR"
}
]
}
]