CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6289

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1070%
EPSS Percentile13.27th
PublishedDec 10, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.

Affected Platforms (CPE)

πŸ“¦
Iptel

Serweb

<= 2.0.0dev1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/26747
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/38906
πŸ”— https://www.exploit-db.com/exploits/4696
πŸ”— https://www.exploit-db.com/exploits/9284
πŸ”— http://www.securityfocus.com/bid/26747
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/38906
πŸ”— https://www.exploit-db.com/exploits/4696
πŸ”— https://www.exploit-db.com/exploits/9284

Related Vulnerabilities

CVE-2007-33586.8

PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbit...

CVE-2007-33596.8

Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP cod...

CVE-2007-62905.0

Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbi...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...