CVE-2007-1976

EPSS 1.12%
Published 12.04.2007 00:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Xoops ≫ Xoops Virii Info Module Version <= 1.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.12%	0.774

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://osvdb.org/37429

http://www.attrition.org/pipermail/vim/2007-April/001489.html

http://www.attrition.org/pipermail/vim/2007-April/001490.html

http://www.vupen.com/english/advisories/2007/1206

https://exchange.xforce.ibmcloud.com/vulnerabilities/33368

https://www.exploit-db.com/exploits/3642

https://nvd.nist.gov/vuln/detail/CVE-2007-1976

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1976

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1976

EUVD