Search
Find a vulnerability
Search criteria
4 vulnerabilities found for stphplibrary by speedtech
CVE-2007-4738 (GCVE-0-2007-4738)
Vulnerability from nvd – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
36 references
| URL | Tags |
|---|---|
| http://osvdb.org/39077 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39082 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39088 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39076 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39090 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39085 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39079 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39093 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/39099 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39096 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39102 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39101 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39095 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39105 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39097 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39084 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39074 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39094 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39098 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39083 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39078 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39100 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39103 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39075 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39091 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/25525 | vdb-entryx_refsource_BID |
| http://osvdb.org/39089 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39081 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39087 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26658 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/39080 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39104 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39073 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39092 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39086 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39077",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39077"
},
{
"name": "39082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39082"
},
{
"name": "39088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39088"
},
{
"name": "39076",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39076"
},
{
"name": "39090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39090"
},
{
"name": "39085",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39085"
},
{
"name": "39079",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39079"
},
{
"name": "39093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39093"
},
{
"name": "speedtech-stphpimageshow-file-include(36417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
},
{
"name": "39099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39099"
},
{
"name": "39096",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39096"
},
{
"name": "39102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39102"
},
{
"name": "39101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39101"
},
{
"name": "39095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39095"
},
{
"name": "39105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39105"
},
{
"name": "39097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39097"
},
{
"name": "39084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39084"
},
{
"name": "39074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39074"
},
{
"name": "39094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39094"
},
{
"name": "39098",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39098"
},
{
"name": "39083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39083"
},
{
"name": "39078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39078"
},
{
"name": "39100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39100"
},
{
"name": "39103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39103"
},
{
"name": "39075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39075"
},
{
"name": "39091",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39091"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "39089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39089"
},
{
"name": "39081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39081"
},
{
"name": "39087",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39087"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26658"
},
{
"name": "39080",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39080"
},
{
"name": "39104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39104"
},
{
"name": "39073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39073"
},
{
"name": "39092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39092"
},
{
"name": "39086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39077",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39077"
},
{
"name": "39082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39082"
},
{
"name": "39088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39088"
},
{
"name": "39076",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39076"
},
{
"name": "39090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39090"
},
{
"name": "39085",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39085"
},
{
"name": "39079",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39079"
},
{
"name": "39093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39093"
},
{
"name": "speedtech-stphpimageshow-file-include(36417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
},
{
"name": "39099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39099"
},
{
"name": "39096",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39096"
},
{
"name": "39102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39102"
},
{
"name": "39101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39101"
},
{
"name": "39095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39095"
},
{
"name": "39105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39105"
},
{
"name": "39097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39097"
},
{
"name": "39084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39084"
},
{
"name": "39074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39074"
},
{
"name": "39094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39094"
},
{
"name": "39098",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39098"
},
{
"name": "39083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39083"
},
{
"name": "39078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39078"
},
{
"name": "39100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39100"
},
{
"name": "39103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39103"
},
{
"name": "39075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39075"
},
{
"name": "39091",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39091"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "39089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39089"
},
{
"name": "39081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39081"
},
{
"name": "39087",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39087"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26658"
},
{
"name": "39080",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39080"
},
{
"name": "39104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39104"
},
{
"name": "39073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39073"
},
{
"name": "39092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39092"
},
{
"name": "39086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39077",
"refsource": "OSVDB",
"url": "http://osvdb.org/39077"
},
{
"name": "39082",
"refsource": "OSVDB",
"url": "http://osvdb.org/39082"
},
{
"name": "39088",
"refsource": "OSVDB",
"url": "http://osvdb.org/39088"
},
{
"name": "39076",
"refsource": "OSVDB",
"url": "http://osvdb.org/39076"
},
{
"name": "39090",
"refsource": "OSVDB",
"url": "http://osvdb.org/39090"
},
{
"name": "39085",
"refsource": "OSVDB",
"url": "http://osvdb.org/39085"
},
{
"name": "39079",
"refsource": "OSVDB",
"url": "http://osvdb.org/39079"
},
{
"name": "39093",
"refsource": "OSVDB",
"url": "http://osvdb.org/39093"
},
{
"name": "speedtech-stphpimageshow-file-include(36417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
},
{
"name": "39099",
"refsource": "OSVDB",
"url": "http://osvdb.org/39099"
},
{
"name": "39096",
"refsource": "OSVDB",
"url": "http://osvdb.org/39096"
},
{
"name": "39102",
"refsource": "OSVDB",
"url": "http://osvdb.org/39102"
},
{
"name": "39101",
"refsource": "OSVDB",
"url": "http://osvdb.org/39101"
},
{
"name": "39095",
"refsource": "OSVDB",
"url": "http://osvdb.org/39095"
},
{
"name": "39105",
"refsource": "OSVDB",
"url": "http://osvdb.org/39105"
},
{
"name": "39097",
"refsource": "OSVDB",
"url": "http://osvdb.org/39097"
},
{
"name": "39084",
"refsource": "OSVDB",
"url": "http://osvdb.org/39084"
},
{
"name": "39074",
"refsource": "OSVDB",
"url": "http://osvdb.org/39074"
},
{
"name": "39094",
"refsource": "OSVDB",
"url": "http://osvdb.org/39094"
},
{
"name": "39098",
"refsource": "OSVDB",
"url": "http://osvdb.org/39098"
},
{
"name": "39083",
"refsource": "OSVDB",
"url": "http://osvdb.org/39083"
},
{
"name": "39078",
"refsource": "OSVDB",
"url": "http://osvdb.org/39078"
},
{
"name": "39100",
"refsource": "OSVDB",
"url": "http://osvdb.org/39100"
},
{
"name": "39103",
"refsource": "OSVDB",
"url": "http://osvdb.org/39103"
},
{
"name": "39075",
"refsource": "OSVDB",
"url": "http://osvdb.org/39075"
},
{
"name": "39091",
"refsource": "OSVDB",
"url": "http://osvdb.org/39091"
},
{
"name": "25525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "39089",
"refsource": "OSVDB",
"url": "http://osvdb.org/39089"
},
{
"name": "39081",
"refsource": "OSVDB",
"url": "http://osvdb.org/39081"
},
{
"name": "39087",
"refsource": "OSVDB",
"url": "http://osvdb.org/39087"
},
{
"name": "26658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26658"
},
{
"name": "39080",
"refsource": "OSVDB",
"url": "http://osvdb.org/39080"
},
{
"name": "39104",
"refsource": "OSVDB",
"url": "http://osvdb.org/39104"
},
{
"name": "39073",
"refsource": "OSVDB",
"url": "http://osvdb.org/39073"
},
{
"name": "39092",
"refsource": "OSVDB",
"url": "http://osvdb.org/39092"
},
{
"name": "39086",
"refsource": "OSVDB",
"url": "http://osvdb.org/39086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4738",
"datePublished": "2007-09-06T19:00:00.000Z",
"dateReserved": "2007-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4737 (GCVE-0-2007-4737)
Vulnerability from nvd – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/38929 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/38930 | vdb-entryx_refsource_OSVDB |
| https://www.exploit-db.com/exploits/4358 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25525 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/38931 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/3092 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/26658 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38929"
},
{
"name": "38930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38930"
},
{
"name": "4358",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4358"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "speedtech-stphplibdir-file-include(36416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
},
{
"name": "38931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38931"
},
{
"name": "ADV-2007-3092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3092"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38929"
},
{
"name": "38930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38930"
},
{
"name": "4358",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4358"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "speedtech-stphplibdir-file-include(36416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
},
{
"name": "38931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38931"
},
{
"name": "ADV-2007-3092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3092"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38929",
"refsource": "OSVDB",
"url": "http://osvdb.org/38929"
},
{
"name": "38930",
"refsource": "OSVDB",
"url": "http://osvdb.org/38930"
},
{
"name": "4358",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4358"
},
{
"name": "25525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "speedtech-stphplibdir-file-include(36416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
},
{
"name": "38931",
"refsource": "OSVDB",
"url": "http://osvdb.org/38931"
},
{
"name": "ADV-2007-3092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3092"
},
{
"name": "26658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4737",
"datePublished": "2007-09-06T19:00:00.000Z",
"dateReserved": "2007-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4738 (GCVE-0-2007-4738)
Vulnerability from cvelistv5 – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
36 references
| URL | Tags |
|---|---|
| http://osvdb.org/39077 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39082 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39088 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39076 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39090 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39085 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39079 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39093 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/39099 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39096 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39102 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39101 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39095 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39105 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39097 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39084 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39074 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39094 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39098 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39083 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39078 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39100 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39103 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39075 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39091 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/25525 | vdb-entryx_refsource_BID |
| http://osvdb.org/39089 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39081 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39087 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/26658 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/39080 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39104 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39073 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39092 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39086 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39077",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39077"
},
{
"name": "39082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39082"
},
{
"name": "39088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39088"
},
{
"name": "39076",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39076"
},
{
"name": "39090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39090"
},
{
"name": "39085",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39085"
},
{
"name": "39079",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39079"
},
{
"name": "39093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39093"
},
{
"name": "speedtech-stphpimageshow-file-include(36417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
},
{
"name": "39099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39099"
},
{
"name": "39096",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39096"
},
{
"name": "39102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39102"
},
{
"name": "39101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39101"
},
{
"name": "39095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39095"
},
{
"name": "39105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39105"
},
{
"name": "39097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39097"
},
{
"name": "39084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39084"
},
{
"name": "39074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39074"
},
{
"name": "39094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39094"
},
{
"name": "39098",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39098"
},
{
"name": "39083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39083"
},
{
"name": "39078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39078"
},
{
"name": "39100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39100"
},
{
"name": "39103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39103"
},
{
"name": "39075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39075"
},
{
"name": "39091",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39091"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "39089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39089"
},
{
"name": "39081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39081"
},
{
"name": "39087",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39087"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26658"
},
{
"name": "39080",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39080"
},
{
"name": "39104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39104"
},
{
"name": "39073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39073"
},
{
"name": "39092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39092"
},
{
"name": "39086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39077",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39077"
},
{
"name": "39082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39082"
},
{
"name": "39088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39088"
},
{
"name": "39076",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39076"
},
{
"name": "39090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39090"
},
{
"name": "39085",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39085"
},
{
"name": "39079",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39079"
},
{
"name": "39093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39093"
},
{
"name": "speedtech-stphpimageshow-file-include(36417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
},
{
"name": "39099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39099"
},
{
"name": "39096",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39096"
},
{
"name": "39102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39102"
},
{
"name": "39101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39101"
},
{
"name": "39095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39095"
},
{
"name": "39105",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39105"
},
{
"name": "39097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39097"
},
{
"name": "39084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39084"
},
{
"name": "39074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39074"
},
{
"name": "39094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39094"
},
{
"name": "39098",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39098"
},
{
"name": "39083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39083"
},
{
"name": "39078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39078"
},
{
"name": "39100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39100"
},
{
"name": "39103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39103"
},
{
"name": "39075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39075"
},
{
"name": "39091",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39091"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "39089",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39089"
},
{
"name": "39081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39081"
},
{
"name": "39087",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39087"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26658"
},
{
"name": "39080",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39080"
},
{
"name": "39104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39104"
},
{
"name": "39073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39073"
},
{
"name": "39092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39092"
},
{
"name": "39086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39077",
"refsource": "OSVDB",
"url": "http://osvdb.org/39077"
},
{
"name": "39082",
"refsource": "OSVDB",
"url": "http://osvdb.org/39082"
},
{
"name": "39088",
"refsource": "OSVDB",
"url": "http://osvdb.org/39088"
},
{
"name": "39076",
"refsource": "OSVDB",
"url": "http://osvdb.org/39076"
},
{
"name": "39090",
"refsource": "OSVDB",
"url": "http://osvdb.org/39090"
},
{
"name": "39085",
"refsource": "OSVDB",
"url": "http://osvdb.org/39085"
},
{
"name": "39079",
"refsource": "OSVDB",
"url": "http://osvdb.org/39079"
},
{
"name": "39093",
"refsource": "OSVDB",
"url": "http://osvdb.org/39093"
},
{
"name": "speedtech-stphpimageshow-file-include(36417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36417"
},
{
"name": "39099",
"refsource": "OSVDB",
"url": "http://osvdb.org/39099"
},
{
"name": "39096",
"refsource": "OSVDB",
"url": "http://osvdb.org/39096"
},
{
"name": "39102",
"refsource": "OSVDB",
"url": "http://osvdb.org/39102"
},
{
"name": "39101",
"refsource": "OSVDB",
"url": "http://osvdb.org/39101"
},
{
"name": "39095",
"refsource": "OSVDB",
"url": "http://osvdb.org/39095"
},
{
"name": "39105",
"refsource": "OSVDB",
"url": "http://osvdb.org/39105"
},
{
"name": "39097",
"refsource": "OSVDB",
"url": "http://osvdb.org/39097"
},
{
"name": "39084",
"refsource": "OSVDB",
"url": "http://osvdb.org/39084"
},
{
"name": "39074",
"refsource": "OSVDB",
"url": "http://osvdb.org/39074"
},
{
"name": "39094",
"refsource": "OSVDB",
"url": "http://osvdb.org/39094"
},
{
"name": "39098",
"refsource": "OSVDB",
"url": "http://osvdb.org/39098"
},
{
"name": "39083",
"refsource": "OSVDB",
"url": "http://osvdb.org/39083"
},
{
"name": "39078",
"refsource": "OSVDB",
"url": "http://osvdb.org/39078"
},
{
"name": "39100",
"refsource": "OSVDB",
"url": "http://osvdb.org/39100"
},
{
"name": "39103",
"refsource": "OSVDB",
"url": "http://osvdb.org/39103"
},
{
"name": "39075",
"refsource": "OSVDB",
"url": "http://osvdb.org/39075"
},
{
"name": "39091",
"refsource": "OSVDB",
"url": "http://osvdb.org/39091"
},
{
"name": "25525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "39089",
"refsource": "OSVDB",
"url": "http://osvdb.org/39089"
},
{
"name": "39081",
"refsource": "OSVDB",
"url": "http://osvdb.org/39081"
},
{
"name": "39087",
"refsource": "OSVDB",
"url": "http://osvdb.org/39087"
},
{
"name": "26658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26658"
},
{
"name": "39080",
"refsource": "OSVDB",
"url": "http://osvdb.org/39080"
},
{
"name": "39104",
"refsource": "OSVDB",
"url": "http://osvdb.org/39104"
},
{
"name": "39073",
"refsource": "OSVDB",
"url": "http://osvdb.org/39073"
},
{
"name": "39092",
"refsource": "OSVDB",
"url": "http://osvdb.org/39092"
},
{
"name": "39086",
"refsource": "OSVDB",
"url": "http://osvdb.org/39086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4738",
"datePublished": "2007-09-06T19:00:00.000Z",
"dateReserved": "2007-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4737 (GCVE-0-2007-4737)
Vulnerability from cvelistv5 – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
VLAI
EPSS
VEX
Summary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/38929 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/38930 | vdb-entryx_refsource_OSVDB |
| https://www.exploit-db.com/exploits/4358 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25525 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/38931 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/3092 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/26658 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38929"
},
{
"name": "38930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38930"
},
{
"name": "4358",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4358"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "speedtech-stphplibdir-file-include(36416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
},
{
"name": "38931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38931"
},
{
"name": "ADV-2007-3092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3092"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38929"
},
{
"name": "38930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38930"
},
{
"name": "4358",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4358"
},
{
"name": "25525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "speedtech-stphplibdir-file-include(36416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
},
{
"name": "38931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38931"
},
{
"name": "ADV-2007-3092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3092"
},
{
"name": "26658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38929",
"refsource": "OSVDB",
"url": "http://osvdb.org/38929"
},
{
"name": "38930",
"refsource": "OSVDB",
"url": "http://osvdb.org/38930"
},
{
"name": "4358",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4358"
},
{
"name": "25525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25525"
},
{
"name": "speedtech-stphplibdir-file-include(36416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416"
},
{
"name": "38931",
"refsource": "OSVDB",
"url": "http://osvdb.org/38931"
},
{
"name": "ADV-2007-3092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3092"
},
{
"name": "26658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4737",
"datePublished": "2007-09-06T19:00:00.000Z",
"dateReserved": "2007-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}