CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-0863

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile19.36th
Published2007年2月9日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php

Affected Platforms (CPE)

📦
Trevorchan

Trevorchan

<= 0.7

References & Advisories

🔗 http://osvdb.org/33475
🔗 http://securitytracker.com/id?1017512
🔗 http://www.attrition.org/pipermail/vim/2007-January/001241.html
🔗 http://osvdb.org/33475
🔗 http://securitytracker.com/id?1017512
🔗 http://www.attrition.org/pipermail/vim/2007-January/001241.html

関連する脆弱性情報

CVE-2007-319310.0

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remo...

CVE-2007-320810.0

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via ...

CVE-2007-318110.0

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnc...

CVE-2007-321610.0

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktop...