QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-5305

Back to search

CVE-2007-5305

Published: Oct 9, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

VendorProductVersions

n/a

n/a

affected
n/a

References

38656
vdb-entry
x_refsource_OSVDB
38649
vdb-entry
x_refsource_OSVDB
38651
vdb-entry
x_refsource_OSVDB
38653
vdb-entry
x_refsource_OSVDB
25951
vdb-entry
x_refsource_BID
38652
vdb-entry
x_refsource_OSVDB
38658
vdb-entry
x_refsource_OSVDB
38654
vdb-entry
x_refsource_OSVDB
38650
vdb-entry
x_refsource_OSVDB
38655
vdb-entry
x_refsource_OSVDB
3204
third-party-advisory
x_refsource_SREASON
38657
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now