QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2254

Published: Apr 25, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20070422 Allfaclassfieds (level2.php dir) remote file inclusion

mailing-list

x_refsource_BUGTRAQ

allfaclassfieds-level2-file-include(33798)

vdb-entry

x_refsource_XF

20070425 [false but true] "Allfaclassfieds" RFI no; PHP Classifieds yes

mailing-list

x_refsource_VIM

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.