CVE-2007-4934
published 2007-09-18CVE-2007-4934: Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT…
PriorityP340medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
21.75%
97.3th percentile
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpffl | phpffl | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wx25-59c7-q497: Multiple PHP remote file inclusion vulnerabilities in phpFFL 1
ghsa_unreviewed·2022-05-01
CVE-2007-4934 [MEDIUM] CWE-94 GHSA-wx25-59c7-q497: Multiple PHP remote file inclusion vulnerabilities in phpFFL 1
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.
GHSA
GHSA-wg2q-63hj-6rmg: Multiple PHP remote file inclusion vulnerabilities in phpFFL 1
ghsa_unreviewed·2022-05-01·CVSS 4.6
CVE-2007-4935 [MEDIUM] CWE-94 GHSA-wg2q-63hj-6rmg: Multiple PHP remote file inclusion vulnerabilities in phpFFL 1
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php. NOTE: the program_files/livedraft/admin.php and program_files/livedraft/livedraft.php vectors are covered by CVE-2007-4934.
No detection rules found.
No writeups or analysis indexed.
http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/http://osvdb.org/37085http://osvdb.org/37086http://secunia.com/advisories/26812http://sourceforge.net/forum/forum.php?forum_id=735906http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531http://www.securityfocus.com/bid/25667http://www.vupen.com/english/advisories/2007/3176https://exchange.xforce.ibmcloud.com/vulnerabilities/36606https://www.exploit-db.com/exploits/4406http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/http://osvdb.org/37085http://osvdb.org/37086http://secunia.com/advisories/26812http://sourceforge.net/forum/forum.php?forum_id=735906http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531http://www.securityfocus.com/bid/25667http://www.vupen.com/english/advisories/2007/3176https://exchange.xforce.ibmcloud.com/vulnerabilities/36606https://www.exploit-db.com/exploits/4406
2007-09-18
Published