Back to search
CVE-2007-5178
Published: Oct 3, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-3326
vdb-entry
x_refsource_VUPEN
mxbb-mxglancesdesc-file-include(36867)
vdb-entry
x_refsource_XF
4470
exploit
x_refsource_EXPLOIT-DB
25866
vdb-entry
x_refsource_BID
20071001 Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability
mailing-list
x_refsource_VIM
27011
third-party-advisory
x_refsource_SECUNIA
37400
vdb-entry
x_refsource_OSVDB
20071001 Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability
mailing-list
x_refsource_VIM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now