1. CVE-Search
  2. CVE-2007-2545
ID CVE-2007-2545
Summary Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
References
Vulnerable Configurations
  • cpe:2.3:a:persism_cms:persism_cms:*:*:*:*:*:*:*:*
    cpe:2.3:a:persism_cms:persism_cms:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 23828
exploit-db 3853
osvdb
  • 37767
  • 37768
  • 37769
  • 37770
  • 37771
  • 37772
  • 37773
  • 37774
  • 37775
  • 37776
vupen ADV-2007-1671
xf persism-systempath-file-include(34102)
Last major update 11-10-2017 - 01:32
Published 09-05-2007 - 01:19
Last modified 11-10-2017 - 01:32
Back to Top