CVE-2007-4744

Anyinventory - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE TiGeR · textwebappsphp

https://www.exploit-db.com/exploits/4365

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/26696

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36436

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25550

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4365

[Third Party Advisory, VDB Entry] http://www.osvdb.org/36846

Scores

EPSS 0.8410

EPSS Percentile 99.3%

Details

CWE

CWE-20 CWE-94

Status published

Products (2)

anyinventory/anyinventory 1.9.1

anyinventory/anyinventory 2.0

Published Sep 06, 2007

Tracked Since Feb 18, 2026