CVE-2007-1472
CVE-2007-1472
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/3486unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.echo.or.id/adv/adv75-theday-2007.txthttp://osvdb.org/34476http://securityreason.com/securityalert/2428https://exchange.xforce.ibmcloud.com/vulnerabilities/33000https://www.exploit-db.com/exploits/3486http://www.attrition.org/pipermail/vim/2007-March/001435.htmlhttp://www.attrition.org/pipermail/vim/2007-March/001436.htmlhttp://www.securityfocus.com/archive/1/462918/100/0/threadedhttp://www.vupen.com/english/advisories/2007/0995