CVE-2007-4485
Last modified
CVE-2007-4485 is a vulnerability of currently unknown severity. PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter.. EPSS estimates a 1.75% chance of exploitation in the next 30 days.
Description
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Butterfly | Butterfly | 1.08 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-4485?
How severe is CVE-2007-4485?
How do I fix CVE-2007-4485?
Are you affected by CVE-2007-4485?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST