Vulnerability Details CVE-2007-4326
Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/36443
- http://osvdb.org/36444
- http://osvdb.org/36445
- http://osvdb.org/36446
- http://osvdb.org/36447
- http://osvdb.org/36448
- http://secunia.com/advisories/26399
- http://securityreason.com/securityalert/2993
- http://www.securityfocus.com/archive/1/475954/100/0/threaded
- http://www.vupen.com/english/advisories/2007/2836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35922
- http://osvdb.org/36443
- http://osvdb.org/36444
- http://osvdb.org/36445
- http://osvdb.org/36446
- http://osvdb.org/36447
- http://osvdb.org/36448
- http://secunia.com/advisories/26399
- http://securityreason.com/securityalert/2993
- http://www.securityfocus.com/archive/1/475954/100/0/threaded
- http://www.vupen.com/english/advisories/2007/2836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35922
Products affected by CVE-2007-4326
-
cpe:2.3:a:mapos_scripts:bilder_uploader:1.3