CVE-2007-1472
Last modified
CVE-2007-1472 is a vulnerability of currently unknown severity. Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.. EPSS estimates a 3.39% chance of exploitation in the next 30 days.
Description
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| T-Systems Solutions For Research Gmbh | Groupit | 2.00b5 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-1472?
How severe is CVE-2007-1472?
How do I fix CVE-2007-1472?
Are you affected by CVE-2007-1472?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST