Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Txx Cms
  • Txx Cms

Configuration 1 [-]

cpe:2.3:a:txx_cms:txx_cms:0.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://osvdb.org/38390 cve-icon cve-icon
http://osvdb.org/38391 cve-icon cve-icon
http://osvdb.org/38392 cve-icon cve-icon
http://osvdb.org/38393 cve-icon cve-icon
http://securityreason.com/securityalert/3116 cve-icon cve-icon
http://www.securityfocus.com/archive/1/478870/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/25597 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/36511 cve-icon cve-icon
https://www.exploit-db.com/exploits/4381 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-11T19:00:00

Updated: 2024-08-07T15:08:33.790Z

Reserved: 2007-09-11T00:00:00

Link: CVE-2007-4818

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-09-11T19:17:00.000

Modified: 2018-10-15T21:38:16.847

Link: CVE-2007-4818

cve-icon Redhat

No data.