CVE-2007-1631 - PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execu

CVE-2007-1631

Summary

PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use

References

http://www.attrition.org/pipermail/vim/2007-March/001443.html
http://www.osvdb.org/33503
http://securityreason.com/securityalert/2469
http://www.securityfocus.com/archive/1/463076/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:clbox:clbox:1.01:*:*:*:*:*:*:*
cpe:2.3:a:clbox:clbox:1.01:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 07-08-2024 - 13:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20070317 CLBOX <= (signup.php header) Remote File Include Vulnerability
osvdb	33503
sreason	2469
vim	20070319 Bogus - [CLBOX <= (signup.php header) Remote File Include Vulnerability]

Last major update

07-08-2024 - 13:15

Published

23-03-2007 - 21:19

Last modified

07-08-2024 - 13:15