CVE-2007-1976 - OpenCVE

PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xoops	Xoops Virii Info Module

Configuration 1 [-]

cpe:2.3:a:xoops:xoops_virii_info_module:*:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/37429
http://www.attrition.org/pipermail/vim/2007-April/001489.html
http://www.attrition.org/pipermail/vim/2007-April/001490.html
http://www.vupen.com/english/advisories/2007/1206
https://exchange.xforce.ibmcloud.com/vulnerabilities/33368
https://www.exploit-db.com/exploits/3642

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-12T00:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2007-04-11T00:00:00

Link: CVE-2007-1976

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-12T00:19:00.000

Modified: 2024-05-17T00:33:35.887

Link: CVE-2007-1976

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3642", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3642"}, {"name": "ADV-2007-1206", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1206"}, {"name": "37429", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37429"}, {"name": "xoops-virii-index-file-include(33368)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33368"}, {"name": "20070403 Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit]", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-April/001490.html"}, {"name": "20070403 Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit]", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-April/001489.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1976", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3642", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3642"}, {"name": "ADV-2007-1206", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1206"}, {"name": "37429", "refsource": "OSVDB", "url": "http://osvdb.org/37429"}, {"name": "xoops-virii-index-file-include(33368)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33368"}, {"name": "20070403 Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit]", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-April/001490.html"}, {"name": "20070403 Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit]", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-April/001489.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1976", "datePublished": "2007-04-12T00:00:00", "dateReserved": "2007-04-11T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xoops:xoops_virii_info_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C5331C7-D5A9-4098-B315-7CA7C35459C8", "versionEndIncluding": "1.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack"}, {"lang": "es", "value": "** IMPUGNADA ** Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en index.php del m\u00f3dulo Virii Info 1.10 y anteriores para Xoops permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL en el par\u00e1metro xoopsConfig[root_path]. NOTA: este problema ha sido impugnado por una tercera parte confiable, afirmando que la funci\u00f3n checkSuperglobals de la aplicaci\u00f3n la defiende contra el ataque."}], "id": "CVE-2007-1976", "lastModified": "2024-05-17T00:33:35.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-12T00:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37429"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-April/001489.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-April/001490.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1206"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33368"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3642"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}