Vulnerability Details : CVE-2007-2660
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
Vulnerability category: File inclusion
Products affected by CVE-2007-2660
- cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:*:*:*:*:*:*:*:*
- cpe:2.3:a:vincent_blavet:phpconcept_library:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2660
5.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-2660
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2007-2660
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34273
cjgExplorerPro pcltar.lib.php and pcltrace.lib.php file include undefined Vulnerability Report
-
http://www.vupen.com/english/advisories/2007/1786
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
https://www.exploit-db.com/exploits/3915
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion - PHP webapps Exploit
-
http://secunia.com/advisories/25230
About Secunia Research | FlexeraVendor Advisory
-
http://osvdb.org/36010
-
http://www.attrition.org/pipermail/vim/2007-May/001618.html
[VIM] shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI
Jump to