CVE-2007-0172

Name: CVE-2007-0172
Creator: NVD / NIST
Published: 2007-01-11T00:28:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.89%

Last modified Jun 16, 2026

CVE-2007-0172 is a vulnerability of currently unknown severity. Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.. EPSS estimates a 4.89% chance of exploitation in the next 30 days.

Description

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

Metrics

EPSS Probability

4.89%

91.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Allmyguests Project	Allmyguests	<= 0.3

References

http://osvdb.org/35915Broken Link
http://osvdb.org/35916Broken Link
http://osvdb.org/35917Broken Link
http://osvdb.org/35919Broken Link
http://osvdb.org/35921Broken Link
http://osvdb.org/35923Broken Link
http://www.securityfocus.com/bid/21918Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31310VDB Entry
https://www.exploit-db.com/exploits/3093Third Party Advisory, VDB Entry
http://osvdb.org/35915Broken Link
http://osvdb.org/35916Broken Link
http://osvdb.org/35917Broken Link
http://osvdb.org/35919Broken Link
http://osvdb.org/35921Broken Link
http://osvdb.org/35923Broken Link
http://www.securityfocus.com/bid/21918Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31310VDB Entry
https://www.exploit-db.com/exploits/3093Third Party Advisory, VDB Entry

Timeline

Published: Jan 11, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-0172?

How severe is CVE-2007-0172?

Severity scoring for CVE-2007-0172 is pending analysis. The EPSS model estimates a 4.89% probability of exploitation in the next 30 days.

How do I fix CVE-2007-0172?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-0172?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST