cbcvebase.
CVE-2007-1635
published 2007-03-23

CVE-2007-1635: Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject…

PriorityP339critical9CVSS 2.0
AVNACLAuSCCICAC
EXPLOIT
EPSS
2.78%
84.6th percentile
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
net_portal_dynamic_systemnet_portal_dynamic_system<= 5.10
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.