CVE-2007-4907

2007-09-1716:00:00

mitre

www.cve.org

7.7 High

AI Score

Confidence

Low

0.112 Low

EPSS

Percentile

95.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.

References

osvdb.org/38972

osvdb.org/38973

osvdb.org/38974

osvdb.org/38976

osvdb.org/38977

www.securityfocus.com/bid/25637

exchange.xforce.ibmcloud.com/vulnerabilities/36574

www.exploit-db.com/exploits/4396