CVE-2007-5305

Public Exploit

Description

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

References

Link	Tags
http://osvdb.org/38656	vdb entry
http://osvdb.org/38649	vdb entry
http://osvdb.org/38651	vdb entry
http://osvdb.org/38653	vdb entry
http://www.securityfocus.com/bid/25951	vdb entry exploit
http://osvdb.org/38652	vdb entry
http://osvdb.org/38658	vdb entry
http://osvdb.org/38654	vdb entry
http://osvdb.org/38650	vdb entry
http://osvdb.org/38655	vdb entry
http://www.securityfocus.com/archive/1/481683/100/0/threaded	mailing list
https://exchange.xforce.ibmcloud.com/vulnerabilities/37011	vdb entry
http://securityreason.com/securityalert/3204	third party advisory
http://osvdb.org/38657	vdb entry

Frequently Asked Questions

What is the severity of CVE-2007-5305?: CVE-2007-5305 has been scored as a high severity vulnerability.
How to fix CVE-2007-5305?: To fix CVE-2007-5305, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-5305 being actively exploited in the wild?: It is possible that CVE-2007-5305 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions