CVE

Id
24220  
CVE No.
CVE-2007-0863  
Status
Candidate  
Description
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.  
Phase
Assigned (20070208)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
237144 24220 CVE-2007-0863 VIM:20070115 [Bogus] [ilkerkandemir at mynet.com: Trevorchan <= v0.7 Remote File Include Vulnerability] (fwd)  View
237145 24220 CVE-2007-0863 URL:http://www.attrition.org/pipermail/vim/2007-January/001241.html  View
237146 24220 CVE-2007-0863 OSVDB:33475  View
237147 24220 CVE-2007-0863 URL:http://osvdb.org/33475  View
237148 24220 CVE-2007-0863 SECTRACK:1017512  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
54665 JVNDB-2007-003357 LushiNews の comments.php における SQL インジェクションの脆弱性 LushiNews の comments.php には、SQL インジェクションの脆弱性が存在します。 CVE-2007-0865 24220 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003357.html  View