Back to CVE Browser

CVE-2007-1699

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1770%

EPSS Percentile17.76th

PublishedMar 27, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.

Affected Platforms (CPE)

📦

Joomla

Swmenu Component

= 4.0

📦

Mambo

Swmenu Component

= 4.0

References & Advisories

🔗 http://osvdb.org/38790

🔗 http://osvdb.org/38791

🔗 http://www.securityfocus.com/bid/23116

🔗 http://www.vupen.com/english/advisories/2007/1100

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/33204

🔗 https://www.exploit-db.com/exploits/3557

🔗 http://osvdb.org/38790

🔗 http://osvdb.org/38791

Related Vulnerabilities

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-182310.0

T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling N...