Lucene search
MitreCVE-2007-5117HistorySep 27, 2007 - 5:17 p.m.
CVE-2007-5117
2007-09-2717:17:00
CWE-94
mitre
web.nvd.nist.gov
29
php
remote file inclusion
vulnerability
frontaccounting
arbitrary code execution
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
Low
EPSS
0.153
Percentile
95.9%
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Affected configurations
Node
frontaccountingfrontaccountingMatch1.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| frontaccounting | frontaccounting | 1.13 | cpe:2.3:a:frontaccounting:frontaccounting:1.13:*:*:*:*:*:*:* |
Related
cvelist
cvelist
prion
prion
Remote file inclusion
2007-09-27 17:17:00
Design/Logic Flaw
2007-10-01 05:17:00
Remote file inclusion
2007-08-09 21:17:00
nvd
nvd
cve
cve
CVE-2007-5148
2007-10-01 05:17:00
CVE-2007-4279
2007-08-09 21:17:00
exploitdb
exploitdb
FrontAccounting 1.13 - Remote File Inclusion
2007-09-26 00:00:00
FrontAccounting 1.12 build 31 - Remote File Inclusion
2007-08-07 00:00:00
canvas
canvas
Immunity Canvas: FRONTACCOUNT_INCLUDE
2007-08-09 21:17:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
Low
EPSS
0.153
Percentile
95.9%
Related for CVE-2007-5117