CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-4170

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile1.39th
Published2007年8月7日
Last Modified2026年4月23日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php.

Affected Platforms (CPE)

📦
Al Athkar

Al Athkar

= 2.0

References & Advisories

🔗 http://securityreason.com/securityalert/2964
🔗 http://www.securityfocus.com/archive/1/475646/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35818
🔗 http://securityreason.com/securityalert/2964
🔗 http://www.securityfocus.com/archive/1/475646/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35818

関連する脆弱性情報

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...

CVE-2007-113410.0

Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts....

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-113910.0

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts...