Description
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
Exploits (1)
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25230
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1786
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-May/001618.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34273
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3915
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36010
Scores
EPSS
0.1368
EPSS Percentile
94.3%
Details
Status
published
Products (2)
cjg_explorer_pro/cjg_explorer_pro
< 3.3
vincent_blavet/phpconcept_library
Published
May 14, 2007
Tracked Since
Feb 18, 2026