1. CVE-Search
  2. CVE-2007-2660
ID CVE-2007-2660
Summary PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
References
Vulnerable Configurations
  • cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:*:*:*:*:*:*:*:*
    cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:*:*:*:*:*:*:*:*
  • cpe:2.3:a:vincent_blavet:phpconcept_library:*:*:*:*:*:*:*:*
    cpe:2.3:a:vincent_blavet:phpconcept_library:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 11-04-2024 - 00:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
exploit-db 3915
osvdb 36010
secunia 25230
vim 20070514 shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI
vupen ADV-2007-1786
xf cjgexplorerpro-pcltarpcltrace-file-include(34273)
Last major update 11-04-2024 - 00:42
Published 14-05-2007 - 23:19
Last modified 11-04-2024 - 00:42
Back to Top