CVE-2007-4809

Online Fantasy Football League Offl - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MhZ91 · textwebappsphp

https://www.exploit-db.com/exploits/4374

View Code ZIP pw:eip

References (6)

[Exploit] http://www.securityfocus.com/bid/25596

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36529

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4374

[Third Party Advisory, VDB Entry] http://osvdb.org/36943

[Third Party Advisory, VDB Entry] http://osvdb.org/36944

[Third Party Advisory] http://secunia.com/advisories/26767

Scores

EPSS 0.8411

EPSS Percentile 99.3%

Details

CWE

CWE-94

Status published

Products (2)

online_fantasy_football_league/offl 0.2.3

online_fantasy_football_league/offl 0.2.6

Published Sep 11, 2007

Tracked Since Feb 18, 2026