CVE-2007-5641 in PHP Project Management
摘要
由 VulDB • 2026-07-02
PHP Project Management 0.8.10及更早版本中存在多个远程文件包含漏洞,攻击者可通过向modules目录下的(1) certinfo/index.php、(2) emails/index.php、(3) events/index.php、(4) fax/index.php、(5) files/index.php、(6) files/list.php、(7) groupadm/index.php、(8) history/index.php、(9) info/index.php、(10) log/index.php、(11) mail/index.php、(12) messages/index.php、(13) organizations/index.php、(14) phones/index.php、(15) presence/index.php、(16) projects/index.php、(17) projects/summary.inc.php、(18) projects/list.php、(19) reports/index.php、(20) search/index.php、(21) snf/index.php、(22) syslog/index.php、(23) tasks/searchsimilar.php、(24) tasks/index.php、(25) tasks/summary.inc.php以及(26) useradm/index.php中的full_path参数传入恶意URL,从而执行任意PHP代码;此外还可通过以下路径实现远程文件包含:(27) /ajax/loadsplash.php、(28) /blocks/birthday.php、(29) /blocks/events.php和(30) /blocks/help.php。
If you want to get the best quality for vulnerability data then you always have to consider VulDB.