CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1924

Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 72.1%

CVSS Severity

CVSS v2 Score 6.8

References

http://securityreason.com/securityalert/2528
http://www.attrition.org/pipermail/vim/2007-April/001495.html
http://www.securityfocus.com/archive/1/464877/100/0/threaded
http://securityreason.com/securityalert/2528
http://www.attrition.org/pipermail/vim/2007-April/001495.html
http://www.securityfocus.com/archive/1/464877/100/0/threaded

Products affected by CVE-2007-1924

Phpcontact » Phpcontact » Version: Any

cpe:2.3:a:phpcontact:phpcontact:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1924

Products

Pricing

Contact Us