CVE

Id
26131  
CVE No.
CVE-2007-2774  
Status
Candidate  
Description
Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.  
Phase
Assigned (20070521)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
263083 26131 CVE-2007-2774 MILW0RM:3953  View
263084 26131 CVE-2007-2774 URL:http://www.milw0rm.com/exploits/3953  View
263085 26131 CVE-2007-2774 BID:24062  View
263086 26131 CVE-2007-2774 URL:http://www.securityfocus.com/bid/24062  View
263087 26131 CVE-2007-2774 OSVDB:36227  View
263088 26131 CVE-2007-2774 URL:http://osvdb.org/36227  View
263089 26131 CVE-2007-2774 OSVDB:36228  View
263090 26131 CVE-2007-2774 URL:http://osvdb.org/36228  View
263091 26131 CVE-2007-2774 VUPEN:ADV-2007-1885  View
263092 26131 CVE-2007-2774 URL:http://www.vupen.com/english/advisories/2007/1885  View
263093 26131 CVE-2007-2774 SECUNIA:25366  View
263094 26131 CVE-2007-2774 URL:http://secunia.com/advisories/25366  View
263095 26131 CVE-2007-2774 XF:sunlightcms-connectstartup-file-include(34393)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53357 JVNDB-2007-002049 AlstraSoft Template Seller Pro における管理アクセス権を取得される脆弱性 AlstraSoft Template Seller Pro には、管理資格情報が欠落している際、Web ブラウザへの存在しないリダイレクトを送信するため、資格情報の変数設定を挿入されるおよび管理アクセス権を取得される脆弱性が存在します。 CVE-2007-2776 26131 10 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002049.html  View