CVE-2007-0172

AllMyGuests < 0.3 - Remote File Inclusion via AMG_serverpath Parameter

Title source: llm

Description

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by beks · textwebappsphp

https://www.exploit-db.com/exploits/3093

View Code ZIP pw:eip

References (9)

Core 9

Core References

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/35923

VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31310

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/35915

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/35917

Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21918

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/35919

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/35921

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3093

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/35916

Scores

EPSS 0.1671

EPSS Percentile 95.0%

Details

Status published

Products (1)

allmyguests_project/allmyguests < 0.3

Published Jan 11, 2007

Tracked Since Feb 18, 2026