Vulnerability Details : CVE-2007-2660
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
Vulnerability category: File inclusion
Exploit prediction scoring system (EPSS) score for CVE-2007-2660
Probability of exploitation activity in the next 30 days: 2.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-2660
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2007-2660
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34273
cjgExplorerPro pcltar.lib.php and pcltrace.lib.php file include undefined Vulnerability Report
-
http://www.vupen.com/english/advisories/2007/1786
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
https://www.exploit-db.com/exploits/3915
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion - PHP webapps Exploit
-
http://secunia.com/advisories/25230
About Secunia Research | FlexeraVendor Advisory
-
http://osvdb.org/36010
-
http://www.attrition.org/pipermail/vim/2007-May/001618.html
[VIM] shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI
Products affected by CVE-2007-2660
- cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:*:*:*:*:*:*:*:*
- cpe:2.3:a:vincent_blavet:phpconcept_library:*:*:*:*:*:*:*:*