CVE-2007-2816

Published: May 22, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.

Affected (1)

Products: Ol Bookmarks: Ol Bookmarks

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ol Bookmarks Ol Bookmarks	Version 0.7.4

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (36)

http://osvdb.org/36493

Source: cve@mitre.org

http://osvdb.org/36494

Source: cve@mitre.org

http://osvdb.org/36495

Source: cve@mitre.org

http://osvdb.org/36496

Source: cve@mitre.org

http://osvdb.org/36497

Source: cve@mitre.org

http://osvdb.org/36498

Source: cve@mitre.org

http://osvdb.org/36499

Source: cve@mitre.org

http://osvdb.org/36500

Source: cve@mitre.org

http://osvdb.org/36501

Source: cve@mitre.org

http://osvdb.org/36502

Source: cve@mitre.org

http://osvdb.org/36503

Source: cve@mitre.org

http://osvdb.org/36504

Source: cve@mitre.org

http://secunia.com/advisories/25356

Source: cve@mitre.org

Vendor Advisory

http://www.attrition.org/pipermail/vim/2007-May/001623.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/24083

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2007/1893

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/34402

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3962

Source: cve@mitre.org

http://osvdb.org/36493

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36494

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36495

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36496

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36497

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36498

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36499

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36500

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36501

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36502

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36503

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36504

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25356

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.attrition.org/pipermail/vim/2007-May/001623.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24083

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2007/1893

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/34402

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3962

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.