NVD

Id
54841  
Name
CVE-2007-2677  
Description
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-05-14  
Modified Date
2011-03-07  
Seq
2007-2677  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
278335 54841 CVE-2007-2677 20070507 Mostly True: phpChess Community Edition 2.0 RFI  View
278336 54841 CVE-2007-2677 3837  View
278337 54841 CVE-2007-2677 23797  View
278338 54841 CVE-2007-2677 ADV-2007-1649  View
278339 54841 CVE-2007-2677 phpchess-rootpath-config-file-include(34056)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
56882 JVNDB-2007-005574 phpChess Community Edition における PHP リモートファイルインクルージョンの脆弱性 phpChess Community Edition には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2007-2677 26032 CVE-2007-2677 54841 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005574.html 2007-05-14 2012-12-20 View