CVE-2007-5097
CRITICAL
Online Fantasy Football League 0.2.6 - Remote Code Execution via DOC_ROOT Parameter
Title source: llm
Description
PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects offl_nflteam.php against direct requests.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38722
Exploit x_refsource_misc
http://arfis.wordpress.com/2007/09/14/rfi-02-online-fantasy-football-league/
Scores
CVSS v3
9.8
EPSS
0.0140
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
online_fantasy_football_league/offl
0.2.6
Published
Sep 26, 2007
Tracked Since
Feb 18, 2026