|
|
CVE Reference: CVE-2007-2677 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-2677 |
|
|
Description: Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/34056 VIM http://attrition.org/pipermail/vim/2007-May/001586.html SAID Secunia Advisory: SA25147 OSVDB 35592 35593 35594 35595 MILW0RM http://www.milw0rm.com/exploits/3837 BID 23797 |
|
| Return to the previous page. |
