← Back

Jean Charles

jean_charles

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Jbc Explorer
jbc_explorer
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-5914
1Jean Charles
1Jbc Explorer
Apr 23, 2026
Nov 10, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can...Show more
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.Show less
CVE-2007-5913
1Jean Charles
1Jbc Explorer
Apr 23, 2026
Nov 10, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with...Show more
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.Show less