CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1288

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile36.05th
PublishedMar 7, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

Affected Platforms (CPE)

πŸ“¦
Webmobo

Wbnews

<= 1.4.1

References & Advisories

πŸ”— http://osvdb.org/34951
πŸ”— http://osvdb.org/34952
πŸ”— http://osvdb.org/34953
πŸ”— http://osvdb.org/34954
πŸ”— http://securityreason.com/securityalert/2355
πŸ”— http://www.securityfocus.com/archive/1/461674/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/32774
πŸ”— http://osvdb.org/34951

Related Vulnerabilities

CVE-2009-49277.5

WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as dem...

CVE-2006-02415.0

Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...