PT-2007-4673 · B1G · B1G B1Gbb

Rf7Awy

Published

2007-06-26

Updated

2017-10-11

CVE-2007-3401

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions B1G b1gBB version 2.24

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter in the footer.inc.php file.

Recommendations For B1G b1gBB version 2.24, consider restricting access to the footer.inc.php file or validating the tfooter parameter to prevent remote file inclusion attacks. As a temporary workaround, avoid using the tfooter parameter in the affected file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3401

Affected Products

B1G B1Gbb

PT-2007-4673 · B1G · B1G B1Gbb

CVE-2007-3401

Related Identifiers

Affected Products

References · 7