CVE-2007-0167 - Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with

CVE-2007-0167

Summary

Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.

References

Vulnerable Configurations

cpe:2.3:a:ppc_search_engine:ppc_search_engine:1.61:*:*:*:*:*:*:*
cpe:2.3:a:ppc_search_engine:ppc_search_engine:1.61:*:*:*:*:*:*:*
cpe:2.3:a:wgs-ppc:wgs-ppc:*:*:*:*:*:*:*:*
cpe:2.3:a:wgs-ppc:wgs-ppc:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21961
bugtraq	20070109 ppc engine Multiple file inclusion
exploit-db	3104
osvdb	33444 33445 33446 33447 33448 33449 33450 33451 33452 33453 33454
sreason	2134
vim	20070109 "ppc engine" is WGS-PPC
xf	demoppc-inc-file-include(31355)

Last major update

16-10-2018 - 16:31

Published

10-01-2007 - 01:28

Last modified

16-10-2018 - 16:31