PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-02-09T01:00:00
Updated: 2008-11-15T10:00:00
Reserved: 2007-02-08T00:00:00
Link: CVE-2007-0863
JSON object: View
NVD Information
Status : Modified
Published: 2007-02-09T01:28:00.000
Modified: 2024-05-17T00:32:47.800
Link: CVE-2007-0863
JSON object: View
Redhat Information
No data.
CWE