CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-1766

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile4.75th
Published2007年3月30日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

Affected Platforms (CPE)

📦
Msxstudios

Advanced Login

<= 0.76

References & Advisories

🔗 http://osvdb.org/34587
🔗 http://secunia.com/advisories/24695
🔗 http://securityreason.com/securityalert/2508
🔗 http://www.securityfocus.com/archive/1/464147/100/0/threaded
🔗 http://www.securityfocus.com/bid/23197
🔗 http://www.vupen.com/english/advisories/2007/1179
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/33321
🔗 https://www.exploit-db.com/exploits/3608

相關漏洞威脅

CVE-2015-29099.8

Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administr...

CVE-2021-229929.8

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12....

CVE-2021-225308.2

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is perform...

CVE-2019-00398.1

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of...