CVE-2007-3230
published 2007-06-14CVE-2007-3230: PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP351medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
67.86%
99.2th percentile
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simian_systems_inc | sitellite | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to phphtml.php containing a URL or remote path in the 'htmlclass_path' parameter, which is the injection point for remote file inclusion. ↗
- →Look for requests where 'htmlclass_path' parameter value ends with a null-byte or '?' terminator (e.g., 'SH3ll.txt?') — a classic RFI technique to truncate the appended file extension. ↗
- ·Vulnerability is specific to PHP::HTML version 0.6.4 only; the RFI exists on line 19 of phphtml.php. ↗
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8mc6-rcpw-3j8c: PHP remote file inclusion vulnerability in phphtml
ghsa_unreviewed·2022-05-01
CVE-2007-3230 [MEDIUM] GHSA-8mc6-rcpw-3j8c: PHP remote file inclusion vulnerability in phphtml
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.
Red Hat
postgresql: SQL privilege escalation via modifications to session-local state
vendor_redhat·2009-12-14·CVSS 6.5
CVE-2009-4136 [MEDIUM] postgresql: SQL privilege escalation via modifications to session-local state
postgresql: SQL privilege escalation via modifications to session-local state
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Red Hat
postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
vendor_redhat·2009-09-09·CVSS 6.5
CVE-2009-3230 [MEDIUM] postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/36304http://secunia.com/advisories/25687http://www.securityfocus.com/bid/24477http://www.vupen.com/english/advisories/2007/2208https://exchange.xforce.ibmcloud.com/vulnerabilities/34871https://www.exploit-db.com/exploits/4072http://osvdb.org/36304http://secunia.com/advisories/25687http://www.securityfocus.com/bid/24477http://www.vupen.com/english/advisories/2007/2208https://exchange.xforce.ibmcloud.com/vulnerabilities/34871https://www.exploit-db.com/exploits/4072
2007-06-14
Published