CVE-2007-4181
N/A
N/A
Summary
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35756
- http://securityreason.com/securityalert/2973
- http://www.attrition.org/pipermail/vim/2007-August/001752.html
- http://www.securityfocus.com/archive/1/475323/100/0/threaded
- http://outlaw.aria-security.info/?p=12
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35756
- http://securityreason.com/securityalert/2973
- http://www.attrition.org/pipermail/vim/2007-August/001752.html
- http://www.securityfocus.com/archive/1/475323/100/0/threaded
- http://outlaw.aria-security.info/?p=12
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.