CVE-2007-6218

EPSS 4.1%

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.

Affected products

n/a · n/a

public PoCs found — 7

cve_referencewww.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txtunverified exploitdbwww.exploit-db.com/exploits/30831unverified exploitdbwww.exploit-db.com/exploits/30826unverified exploitdbwww.exploit-db.com/exploits/30827unverified exploitdbwww.exploit-db.com/exploits/30828unverified exploitdbwww.exploit-db.com/exploits/30829unverified exploitdbwww.exploit-db.com/exploits/30830unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/44312 http://osvdb.org/44313 http://osvdb.org/44314 http://osvdb.org/44315 http://osvdb.org/44316 http://osvdb.org/44317 http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt http://www.securityfocus.com/bid/26654