CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1766

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile4.75th
PublishedMar 30, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

Affected Platforms (CPE)

πŸ“¦
Msxstudios

Advanced Login

<= 0.76

References & Advisories

πŸ”— http://osvdb.org/34587
πŸ”— http://secunia.com/advisories/24695
πŸ”— http://securityreason.com/securityalert/2508
πŸ”— http://www.securityfocus.com/archive/1/464147/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/23197
πŸ”— http://www.vupen.com/english/advisories/2007/1179
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/33321
πŸ”— https://www.exploit-db.com/exploits/3608

Related Vulnerabilities

CVE-2015-29099.8

Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administr...

CVE-2021-229929.8

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12....

CVE-2021-225308.2

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is perform...

CVE-2019-00398.1

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of...