CVE

Id
26551  
CVE No.
CVE-2007-3194  
Status
Candidate  
Description
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist.  
Phase
Assigned (20070612)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
269518 26551 CVE-2007-3194 BUGTRAQ:20070609 myBloggie 2.1.5 Remote File Include  View
269519 26551 CVE-2007-3194 URL:http://www.securityfocus.com/archive/1/archive/1/470972/100/0/threaded  View
269520 26551 CVE-2007-3194 BUGTRAQ:20070610 Re: myBloggie 2.1.5 Remote File Include  View
269521 26551 CVE-2007-3194 URL:http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html  View
269522 26551 CVE-2007-3194 OSVDB:37685  View
269523 26551 CVE-2007-3194 URL:http://osvdb.org/37685  View
269524 26551 CVE-2007-3194 SREASON:2794  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55304 JVNDB-2007-003996 vSupport Integrated Ticket System の vBSupport.php における SQL インジェクションの脆弱性 vSupport Integrated Ticket System の vBSupport.php には、SQL インジェクションの脆弱性が存在します。 CVE-2007-3196 26551 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003996.html  View