Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ppc Search Engine |
|
| Wgs-ppc |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-01-10T01:00:00
Updated: 2024-08-07T12:12:16.479Z
Reserved: 2007-01-09T00:00:00
Link: CVE-2007-0167
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-01-10T01:28:00.000
Modified: 2018-10-16T16:31:30.417
Link: CVE-2007-0167
Redhat
No data.