CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0531

HIGH
7.5
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile22.99th
PublishedJan 26, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

Affected Platforms (CPE)

πŸ“¦
Freewebshop

Freewebshop

= 2.2.3
πŸ“¦
Freewebshop

Freewebshop

= 2.2.4

References & Advisories

πŸ”— http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html
πŸ”— http://osvdb.org/32951
πŸ”— http://secunia.com/advisories/23898
πŸ”— http://securitytracker.com/id?1017549
πŸ”— http://www.freewebshop.org/?id=36
πŸ”— http://www.vupen.com/english/advisories/2007/0319
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31732
πŸ”— http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html

Related Vulnerabilities

CVE-2006-57727.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary S...

CVE-2007-64667.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands ...

CVE-2006-58466.4

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitr...

CVE-2006-58476.1

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary...