Vulnerability Details : CVE-2007-1053
Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php
Vulnerability category: File inclusion
Products affected by CVE-2007-1053
- cpe:2.3:a:warped_systems:phpxmms:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1053
0.95%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1053
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2007-1053
-
http://www.securityfocus.com/archive/1/460618/100/0/threaded
-
http://securityreason.com/securityalert/2273
phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities - CXSecurity.com
-
http://attrition.org/pipermail/vim/2007-February/001365.html
[VIM] false: phpXmms 1.0 (tcmdp) Remote File Include VulnerabilitiesExploit
-
http://osvdb.org/33749
Jump to