CVE-2007-5631

Public Exploit

Description

Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.

References

Link	Tags
http://osvdb.org/45496	vdb entry
http://www.securityfocus.com/bid/26147	vdb entry
http://www.securityfocus.com/archive/1/483571/100/0/threaded	mailing list
http://osvdb.org/45495	vdb entry
http://osvdb.org/45501	vdb entry
http://osvdb.org/45500	vdb entry
https://www.exploit-db.com/exploits/4551	exploit
http://www.myelin.co.nz/post/2007/11/12/#200711121
http://osvdb.org/45499	vdb entry
http://osvdb.org/45497	vdb entry
http://osvdb.org/45498	vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37349	vdb entry

Frequently Asked Questions

What is the severity of CVE-2007-5631?: CVE-2007-5631 has been scored as a medium severity vulnerability.
How to fix CVE-2007-5631?: To fix CVE-2007-5631, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-5631 being actively exploited in the wild?: It is possible that CVE-2007-5631 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~23% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions