CVEブラウザに戻る

CVE-2007-1288

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1910%

EPSS Percentile36.05th

Published2007年3月7日

Last Modified2026年4月23日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

Affected Platforms (CPE)

📦

Webmobo

Wbnews

<= 1.4.1

References & Advisories

🔗 http://osvdb.org/34951

🔗 http://osvdb.org/34952

🔗 http://osvdb.org/34953

🔗 http://osvdb.org/34954

🔗 http://securityreason.com/securityalert/2355

🔗 http://www.securityfocus.com/archive/1/461674/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/32774

🔗 http://osvdb.org/34951

関連する脆弱性情報

CVE-2009-49277.5

WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as dem...

CVE-2006-02415.0

Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...