QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-2001

Back to search

CVE-2007-2001

Published: Apr 12, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

VendorProductVersions

n/a

n/a

affected
n/a

References

3701
exploit
x_refsource_EXPLOIT-DB
24862
third-party-advisory
x_refsource_SECUNIA
34817
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now