CVE-2007-2199

Exploit

EPSS 83.59%
Published 24.04.2007 20:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Cjg Explorer Pro ≫ Cjg Explorer Pro Version3.3

Joomla ≫ Joomla Version1.5.0 Updatebeta

Nx ≫ N X Wcms Version4.5

Phpsitebackup ≫ Phpsitebackup Version0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	83.59%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://osvdb.org/34803

http://osvdb.org/36009

http://secunia.com/advisories/25230

Vendor Advisory

http://www.attrition.org/pipermail/vim/2007-May/001618.html

http://www.hackers.ir/advisories/joomla.html

Vendor Advisory

Exploit

http://www.securityfocus.com/archive/1/466687/100/0/threaded

http://www.securityfocus.com/archive/1/478503/100/0/threaded

http://www.securityfocus.com/bid/23613

http://www.securityfocus.com/bid/23708