Vulnerability Details CVE-2007-1053
Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://attrition.org/pipermail/vim/2007-February/001365.html
- http://osvdb.org/33749
- http://securityreason.com/securityalert/2273
- http://www.securityfocus.com/archive/1/460618/100/0/threaded
- http://attrition.org/pipermail/vim/2007-February/001365.html
- http://osvdb.org/33749
- http://securityreason.com/securityalert/2273
- http://www.securityfocus.com/archive/1/460618/100/0/threaded
Products affected by CVE-2007-1053
-
cpe:2.3:a:warped_systems:phpxmms:1.0