PT-2007-3744 · Sphider · Sphider
Published: 2007-05-01 · Updated: 2024-08-07 · CVE-2007-2411
CVSS v2.0: 7.5 (High)
Base vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Sphider versions 1.2.x
Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `include_dir` parameter in the index.php file. A third party disputes this issue, stating that the application is not vulnerable.
Recommendations:
For Sphider versions 1.2.x, as a temporary workaround, consider restricting access to the `include_dir` parameter in the index.php file until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
CVE-2007-2411
Affected Products
Sphider
References · 9
- https://nvd.nist.gov/vuln/detail/CVE-2007-2411 · Security Note
- http://osvdb.org/34174 · Note
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2411 · Note
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33963 · Note
- http://securityfocus.com/archive/1/467102/100/0/threaded · Note
- https://t.me/cvenotify/89654 · Telegram Post
- http://securityfocus.com/archive/1/467220/100/0/threaded · Note
- http://securityfocus.com/bid/23699 · Note
- http://securityreason.com/securityalert/2648 · Note