ID CVE-2007-3085
Summary Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.
References
Vulnerable Configurations
  • cpe:2.3:a:pbsite:pbsite:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq
  • 20070601 PBSite - PHP Bulletin Site | CMS ====> RFI
  • 20070602 PBSite - PHP Bulletin Site | CMS ====> RFI
osvdb
  • 38759
  • 38760
  • 38761
  • 38762
  • 38763
  • 38764
  • 38765
  • 38766
  • 38767
  • 38768
  • 38769
  • 38770
  • 38771
  • 38772
  • 38773
  • 38774
  • 38775
  • 38776
  • 38777
  • 38778
  • 38779
  • 38780
  • 38781
  • 38782
  • 38783
  • 38784
  • 38785
  • 38786
sreason 2777
xf pbsite-dbpathtemppath-file-include(34675)
Last major update 16-10-2018 - 16:47
Published 06-06-2007 - 10:30
Last modified 16-10-2018 - 16:47