CVE-2007-4950
PHPortal 0.2.7 - Remote Code Execution via DOCUMENT_ROOT Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in form/db_form/employee.php in PHPortal 0.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://arfis.wordpress.com/2007/09/14/rfi-03-phportal/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25717
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42477
Scores
EPSS
0.0122
EPSS Percentile
64.9%
Details
CWE
CWE-94
Status
published
Products (1)
phportal/phportal
0.2.7
Published
Sep 18, 2007
Tracked Since
Feb 18, 2026