Vulnerability Details CVE-2007-5642
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.134
EPSS Ranking 93.9%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/41951
- http://osvdb.org/41954
- http://osvdb.org/41955
- http://osvdb.org/41956
- http://osvdb.org/41960
- http://osvdb.org/41963
- http://osvdb.org/41970
- http://osvdb.org/41972
- http://osvdb.org/41974
- http://osvdb.org/41975
- http://secunia.com/advisories/27347
- http://www.securityfocus.com/bid/26148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37348
- https://www.exploit-db.com/exploits/4549
- http://osvdb.org/41951
- http://osvdb.org/41954
- http://osvdb.org/41955
- http://osvdb.org/41956
- http://osvdb.org/41960
- http://osvdb.org/41963
- http://osvdb.org/41970
- http://osvdb.org/41972
- http://osvdb.org/41974
- http://osvdb.org/41975
- http://secunia.com/advisories/27347
- http://www.securityfocus.com/bid/26148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37348
- https://www.exploit-db.com/exploits/4549
Products affected by CVE-2007-5642
-
cpe:2.3:a:phppm:php_project_management:*