CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0863

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile19.36th
PublishedFeb 9, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php

Affected Platforms (CPE)

πŸ“¦
Trevorchan

Trevorchan

<= 0.7

References & Advisories

πŸ”— http://osvdb.org/33475
πŸ”— http://securitytracker.com/id?1017512
πŸ”— http://www.attrition.org/pipermail/vim/2007-January/001241.html
πŸ”— http://osvdb.org/33475
πŸ”— http://securitytracker.com/id?1017512
πŸ”— http://www.attrition.org/pipermail/vim/2007-January/001241.html

Related Vulnerabilities

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...