CVE-2007-2628 in PHPSecurityAdmininfo

Summary

by MITRE

PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 11/16/2025

The vulnerability identified as CVE-2007-2628 represents a critical remote file inclusion flaw in the Justin Koivisto SecurityAdmin for PHP (PHPSecurityAdmin) version 4.0.2. This security weakness resides within the include/logout.php script where the PSA_PATH parameter is improperly validated, creating an avenue for malicious actors to inject and execute arbitrary PHP code on the target system. The vulnerability stems from the application's failure to sanitize user input before using it in file inclusion operations, a classic pattern that has been documented in numerous security advisories and represents a fundamental flaw in input validation practices.

The technical nature of this vulnerability places it firmly within the scope of CWE-88, which describes improper neutralization of special elements used in an OS command, and more specifically aligns with CWE-94, which covers execution of arbitrary code through improper input handling. The flaw operates by allowing an attacker to manipulate the PSA_PATH parameter to point to a remote malicious file, which is then included and executed by the vulnerable PHP application. This type of vulnerability enables attackers to perform remote code execution, potentially leading to complete system compromise, data theft, or service disruption. The attack vector is particularly dangerous because it can be exploited without authentication, making it accessible to anyone who can send HTTP requests to the affected application.

The operational impact of this vulnerability extends far beyond simple code execution, as it provides attackers with the capability to establish persistent access to the compromised system. Through remote code execution, an attacker can upload additional malicious payloads, create backdoors, escalate privileges, and conduct further reconnaissance within the network. The vulnerability affects the integrity and confidentiality of the application and underlying system, potentially exposing sensitive data and allowing for unauthorized access to resources. From an attack perspective, this vulnerability maps to ATT&CK technique T1059.007 for execution through PHP scripts and T1190 for exploitation of remote services, making it a significant concern for organizations running vulnerable versions of PHPSecurityAdmin.

Mitigation strategies for CVE-2007-2628 should focus on immediate patching of the affected application to version 4.0.3 or later, which contains the necessary input validation fixes. Organizations should implement proper input sanitization and validation techniques, ensuring that all user-supplied parameters are thoroughly checked before being used in file inclusion operations. Network segmentation and access controls can help limit the potential impact of exploitation, while web application firewalls may provide additional protection layers. Regular security assessments and vulnerability scanning should be conducted to identify similar issues in other applications, as this type of vulnerability often indicates broader security weaknesses in the application architecture. The remediation process must also include monitoring for signs of exploitation attempts and implementing proper logging mechanisms to track access to vulnerable endpoints, as the vulnerability represents a critical attack surface that requires immediate attention.

Reservation

05/11/2007

Disclosure

05/11/2007

Moderation

accepted

Entry

VDB-36746

CPE

ready

Exploit

Download

EPSS

0.02610

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!