CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2007-3085

Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.
Publish Date: 2007-06-06
Last Update Date: 2008-11-15

- CVSS Scores & Vulnerability Types

CVSS Score: 7.5
Confidentiality Impact: Partial (There is considerable informational disclosure.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: User
Vulnerability Type(s): Execute Code, File Inclusion
CWE ID: CWE id is not defined for this vulnerability

- Products Affected By CVE-2007-3085

# Product Type Vendor Product Version Update Edition Language
1 Application Pbsite Pbsite

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Pbsite Pbsite 1

- References For CVE-2007-3085

http://osvdb.org/38760
OSVDB 38760
http://osvdb.org/38762
OSVDB 38762
http://osvdb.org/38761
OSVDB 38761
http://osvdb.org/38764
OSVDB 38764
http://osvdb.org/38763
OSVDB 38763
http://osvdb.org/38765
OSVDB 38765
http://osvdb.org/38766
OSVDB 38766
http://osvdb.org/38767
OSVDB 38767
http://osvdb.org/38768
OSVDB 38768
http://osvdb.org/38769
OSVDB 38769
http://osvdb.org/38770
OSVDB 38770
http://osvdb.org/38771
OSVDB 38771
http://osvdb.org/38772
OSVDB 38772
http://osvdb.org/38773
OSVDB 38773
http://osvdb.org/38774
OSVDB 38774
http://osvdb.org/38775
OSVDB 38775
http://osvdb.org/38776
OSVDB 38776
http://osvdb.org/38777
OSVDB 38777
http://osvdb.org/38778
OSVDB 38778
http://osvdb.org/38779
OSVDB 38779
http://osvdb.org/38780
OSVDB 38780
http://osvdb.org/38781
OSVDB 38781
http://osvdb.org/38782
OSVDB 38782
http://osvdb.org/38783
OSVDB 38783
http://osvdb.org/38784
OSVDB 38784
http://osvdb.org/38785
OSVDB 38785
http://osvdb.org/38786
OSVDB 38786
http://www.securityfocus.com/archive/1/archive/1/470239/100/0/threaded
BUGTRAQ 20070601 PBSite - PHP Bulletin Site | CMS ====> RFI
http://www.securityfocus.com/archive/1/archive/1/470347/100/0/threaded
BUGTRAQ 20070602 PBSite - PHP Bulletin Site | CMS ====> RFI
http://xforce.iss.net/xforce/xfdb/34675
XF pbsite-dbpathtemppath-file-include(34675)
http://osvdb.org/38759
OSVDB 38759
http://securityreason.com/securityalert/2777
SREASON 2777

- Metasploit Modules Related To CVE-2007-3085

There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).

