CVE-2007-2558 : PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute

PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use

Published 2007-05-09 18:19:00

Updated 2024-04-11 00:42:13

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Exploit prediction scoring system (EPSS) score for CVE-2007-2558

Probability of exploitation activity in the next 30 days: 1.57%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-2558

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2007-2558

http://securityreason.com/securityalert/2667

pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability - CXSecurity.com
http://www.attrition.org/pipermail/vim/2007-May/001604.html

[VIM] probably false: pfa RFI
http://osvdb.org/36167
http://www.securityfocus.com/archive/1/467827/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34160

phpFullAnnu CMS index.php file include undefined Vulnerability Report

Products affected by CVE-2007-2558

Netsliver » Pfa Cms » Version: 6.0
cpe:2.3:a:netsliver:pfa_cms:6.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-2558

Exploit prediction scoring system (EPSS) score for CVE-2007-2558

CVSS scores for CVE-2007-2558

References for CVE-2007-2558

Products affected by CVE-2007-2558