CVE-2007-2091

Published: Apr 18, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter.

Affected (1)

Products: Tsdisplay4xoops: Tsdisplay4xoops

Tsdisplay4xoops

1 product

Tsdisplay4xoops

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tsdisplay4xoops Tsdisplay4xoops	Version 0.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://osvdb.org/37413

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/23518

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1424

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33695

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3750

Source: cve@mitre.org

http://osvdb.org/37413