Back to search
CVE-2007-5914
Published: Nov 10, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
27533
third-party-advisory
x_refsource_SECUNIA
42070
vdb-entry
x_refsource_OSVDB
http://mgsdl.free.fr/?1:33
x_refsource_MISC
20071104 JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit
mailing-list
x_refsource_BUGTRAQ
3358
third-party-advisory
x_refsource_SREASON
4608
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now