CVE-2007-6488

Published: Dec 20, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.

Affected (1)

Products: Falcon: Series One Cms

Falcon

1 product

Series One Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Falcon Series One Cms	Version 1.4.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://osvdb.org/40985

Source: cve@mitre.org

http://osvdb.org/40986

Source: cve@mitre.org

http://secunia.com/advisories/28047

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/4173

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4712

Source: cve@mitre.org

http://osvdb.org/40985