CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-4181

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.7%

CVSS Severity

CVSS v2 Score 6.8

References

http://outlaw.aria-security.info/?p=12
http://securityreason.com/securityalert/2973
http://www.attrition.org/pipermail/vim/2007-August/001752.html
http://www.securityfocus.com/archive/1/475323/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35756
http://outlaw.aria-security.info/?p=12
http://securityreason.com/securityalert/2973
http://www.attrition.org/pipermail/vim/2007-August/001752.html
http://www.securityfocus.com/archive/1/475323/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35756

Products affected by CVE-2007-4181

Pluck » Pluck » Version: 4.3

cpe:2.3:a:pluck:pluck:4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4181

Products

Pricing

Contact Us