CVE-2007-2199

Published: Apr 24, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

Affected (4)

Products: Cjg Explorer Pro: Cjg Explorer Pro · Joomla: Joomla · Nx: N X Wcms · +1 more

Show all products

Cjg Explorer Pro: Cjg Explorer Pro · Joomla: Joomla · Nx: N X Wcms · Phpsitebackup: Phpsitebackup

Cjg Explorer Pro

1 product

Cjg Explorer Pro

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cjg Explorer Pro Cjg Explorer Pro	Version 3.3
Joomla Joomla	Version 1.5.0 beta
Nx N X Wcms	Version 4.5
Phpsitebackup Phpsitebackup	Version 0.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (36)

http://osvdb.org/34803

Source: cve@mitre.org

http://osvdb.org/36009

Source: cve@mitre.org

http://secunia.com/advisories/25230

Source: cve@mitre.org

Vendor Advisory

http://www.attrition.org/pipermail/vim/2007-May/001618.html

Source: cve@mitre.org

http://www.hackers.ir/advisories/joomla.html

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/466687/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/478503/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23613

Source: cve@mitre.org

http://www.securityfocus.com/bid/23708

Source: cve@mitre.org

http://www.securityfocus.com/bid/24660

Source: cve@mitre.org

http://www.securityfocus.com/bid/25528

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1511

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33837

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34273

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/35092

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3781

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3915

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4111

Source: cve@mitre.org

http://osvdb.org/34803

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36009

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25230

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.attrition.org/pipermail/vim/2007-May/001618.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.hackers.ir/advisories/joomla.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/466687/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/478503/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23613

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23708

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24660

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25528

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/1511

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33837

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34273

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/35092

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3781

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3915

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/4111

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.