QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-4120

Back to search

CVE-2007-4120

Published: Aug 1, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims

VendorProductVersions

n/a

n/a

affected
n/a

References

25141
vdb-entry
x_refsource_BID
20070731 Re: RFI ====> vBulletin v3.6.5
mailing-list
x_refsource_BUGTRAQ
2941
third-party-advisory
x_refsource_SREASON
20070730 RFI ====> vBulletin v3.6.5
mailing-list
x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now