CVE-2007-2428

Published: May 2, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.

Affected (1)

Products: Ahhp Portal: Ahhp Portal

Ahhp Portal

1 product

Ahhp Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ahhp Portal Ahhp Portal	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://securityvulns.com/Qdocument838.html

Source: cve@mitre.org

http://securityvulns.com/source13951.html

Source: cve@mitre.org

http://www.osvdb.org/36568

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/477253/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23658

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/34443

Source: cve@mitre.org

http://securityvulns.com/Qdocument838.html