Sign-up

ID

VAR-200708-0147


CVE

CVE-2007-4117


TITLE

platon  of  phpwebfilemanager  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2007-006621

DESCRIPTION

PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use. platon of phpwebfilemanager Exists in unspecified vulnerabilities.None

Trust: 1.71

sources: NVD: CVE-2007-4117 // JVNDB: JVNDB-2007-006621 // VULHUB: VHN-27479

AFFECTED PRODUCTS

vendor:platonmodel:phpwebfilemanagerscope:eqversion:0.5

Trust: 2.4

vendor:platonmodel:phpwebfilemanagerscope: - version: -

Trust: 0.8

vendor:platonmodel:phpwebfilemanagerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2007-006621 // CNNVD: CNNVD-200708-001 // NVD: CVE-2007-4117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4117
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4117
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200708-001
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27479
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4117
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27479
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27479 // JVNDB: JVNDB-2007-006621 // CNNVD: CNNVD-200708-001 // NVD: CVE-2007-4117

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2007-006621 // NVD: CVE-2007-4117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-001

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200708-001

EXTERNAL IDS

db:NVDid:CVE-2007-4117

Trust: 3.3

db:SREASONid:2940

Trust: 2.5

db:JVNDBid:JVNDB-2007-006621

Trust: 0.8

db:BUGTRAQid:20070730 PHPWEBFILEMANAGER V0.5 (PN_PATHPREFIX) REMOTE FILE INCLUDE VULNERABILITY

Trust: 0.6

db:XFid:35690

Trust: 0.6

db:VIMid:20070731 WTF: PHPWEBFILEMANAGER V0.5 (PN_PATHPREFIX) REMOTE FILE INCLUDE VULNERABILITY

Trust: 0.6

db:CNNVDid:CNNVD-200708-001

Trust: 0.6

db:VULHUBid:VHN-27479

Trust: 0.1

sources: VULHUB: VHN-27479 // JVNDB: JVNDB-2007-006621 // CNNVD: CNNVD-200708-001 // NVD: CVE-2007-4117

REFERENCES

url:http://securityreason.com/securityalert/2940

Trust: 2.5

url:http://www.attrition.org/pipermail/vim/2007-july/001744.html

Trust: 2.5

url:http://www.securityfocus.com/archive/1/475095/100/0/threaded

Trust: 1.9

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35690

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2007-4117

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/475095/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/35690

Trust: 0.6

sources: VULHUB: VHN-27479 // JVNDB: JVNDB-2007-006621 // CNNVD: CNNVD-200708-001 // NVD: CVE-2007-4117

SOURCES

db:VULHUBid:VHN-27479
db:JVNDBid:JVNDB-2007-006621
db:CNNVDid:CNNVD-200708-001
db:NVDid:CVE-2007-4117

LAST UPDATE DATE

2025-04-10T23:22:26.817000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-27479date:2018-10-15T00:00:00
db:JVNDBid:JVNDB-2007-006621date:2024-07-25T02:10:00
db:CNNVDid:CNNVD-200708-001date:2007-08-01T00:00:00
db:NVDid:CVE-2007-4117date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-27479date:2007-08-01T00:00:00
db:JVNDBid:JVNDB-2007-006621date:2024-07-25T00:00:00
db:CNNVDid:CNNVD-200708-001date:2007-08-01T00:00:00
db:NVDid:CVE-2007-4117date:2007-08-01T16:17:00