CVE-2007-1052 : PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and ea

PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation

Published 2007-02-21 23:28:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2007-1052

Pblang » Pblang
Versions up to, including, (<=) 4.60
cpe:2.3:a:pblang:pblang:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-1052

EPSS FAQ

0.97%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-1052

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-1052

http://securityreason.com/securityalert/2269

PBLang 4.60 <= (index.php) Remote File Include Vulnerability - CXSecurity.com
http://www.securityfocus.com/archive/1/460315/100/0/threaded
http://attrition.org/pipermail/vim/2007-February/001356.html

[VIM] PBLang 4.60 <= (index.php) Remote File Include Vulnerability
http://osvdb.org/33737

Jump to

Vulnerability Details : CVE-2007-1052

Products affected by CVE-2007-1052

Exploit prediction scoring system (EPSS) score for CVE-2007-1052

CVSS scores for CVE-2007-1052

References for CVE-2007-1052