CVE

Id
25209  
CVE No.
CVE-2007-1852  
Status
Candidate  
Description
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used.  
Phase
Assigned (20070403)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
251008 25209 CVE-2007-1852 BUGTRAQ:20070331 2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability  View
251009 25209 CVE-2007-1852 URL:http://www.securityfocus.com/archive/1/archive/1/464458/100/0/threaded  View
251010 25209 CVE-2007-1852 VIM:20070427 FALSE -> 2bgal RFI  View
251011 25209 CVE-2007-1852 URL:http://attrition.org/pipermail/vim/2007-April/001565.html  View
251012 25209 CVE-2007-1852 SREASON:2517  View
251013 25209 CVE-2007-1852 URL:http://securityreason.com/securityalert/2517  View
251014 25209 CVE-2007-1852 XF:2bgal-langfilename-file-include(33375)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
54943 JVNDB-2007-003635 uCosminexus などの製品で使用される Hitachi Cosminexus Component Container における脆弱性 uCosminexus Application Server、uCosminexus Service Platform、uCosminexus Developer、uCosminexus Service Architect、Electronic Form Workflow Standard Set、Professional Library Set、Developer Client Set および uCosminexus ERP Integrator で使用される Hitachi Cosminexus Component Container には、不特定の影響を受ける脆弱性が存在します。 CVE-2007-1854 25209 5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003635.html  View