Required CVE Record Information
Description
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.
References 10 Total
- exploit-db.com: 4406 exploit
- exchange.xforce.ibmcloud.com: phpffl-livedraft-admin-file-include(36606) vdb-entry
- securityfocus.com: 25667 vdb-entry
- osvdb.org: 37086 vdb-entry
- http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/
- osvdb.org: 37085 vdb-entry
- vupen.com: ADV-2007-3176 vdb-entry
- http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531
- http://sourceforge.net/forum/forum.php?forum_id=735906
- secunia.com: 26812 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 10 Total
- exploit-db.com: 4406 exploitx_transferred
- exchange.xforce.ibmcloud.com: phpffl-livedraft-admin-file-include(36606) vdb-entryx_transferred
- securityfocus.com: 25667 vdb-entryx_transferred
- osvdb.org: 37086 vdb-entryx_transferred
- http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/ x_transferred
- osvdb.org: 37085 vdb-entryx_transferred
- vupen.com: ADV-2007-3176 vdb-entryx_transferred
- http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531 x_transferred
- http://sourceforge.net/forum/forum.php?forum_id=735906 x_transferred
- secunia.com: 26812 third-party-advisoryx_transferred