Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-1415

Disclosure Date: March 12, 2007
CVE-2007-1415
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or © admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or ® options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

References

Canonical
CVE-2007-1415 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1415)
BID-22895 (http://www.securityfocus.com/bid/22895)
Advisory
OSVDB-35115 (http://www.osvdb.org/35115)
OSVDB-35111 (http://www.osvdb.org/35111)
OSVDB-35116 (http://www.osvdb.org/35116)
OSVDB-35101 (http://www.osvdb.org/35101)
OSVDB-35105 (http://www.osvdb.org/35105)
OSVDB-35123 (http://www.osvdb.org/35123)
OSVDB-35121 (http://www.osvdb.org/35121)
OSVDB-35103 (http://www.osvdb.org/35103)
OSVDB-35107 (http://www.osvdb.org/35107)
OSVDB-35106 (http://www.osvdb.org/35106)
EXPLOIT-DB-3443 (https://www.exploit-db.com/exploits/3443)
OSVDB-35125 (http://www.osvdb.org/35125)
OSVDB-35117 (http://www.osvdb.org/35117)
OSVDB-35112 (http://www.osvdb.org/35112)
OSVDB-35120 (http://www.osvdb.org/35120)
OSVDB-35124 (http://www.osvdb.org/35124)
OSVDB-35110 (http://www.osvdb.org/35110)
20070310 [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability (http://www.securityfocus.com/archive/1/462452/100/0/threaded)
OSVDB-35108 (http://www.osvdb.org/35108)
OSVDB-35114 (http://www.osvdb.org/35114)
OSVDB-35119 (http://www.osvdb.org/35119)
ADV-2007-0917 (http://www.vupen.com/english/advisories/2007/0917)
OSVDB-35113 (http://www.osvdb.org/35113)
OSVDB-35118 (http://www.osvdb.org/35118)
OSVDB-35102 (http://www.osvdb.org/35102)
OSVDB-35104 (http://www.osvdb.org/35104)
OSVDB-35122 (http://www.osvdb.org/35122)
XF-pmbservices-multiple-scripts-file-include(32890) (https://exchange.xforce.ibmcloud.com/vulnerabilities/32890)
OSVDB-35109 (http://www.osvdb.org/35109)
Miscellaneous
http://advisories.echo.or.id/adv/adv68-K-159-2007.txt

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis