CVE-2007-5114
phpmyprofiler 0.9.6b - Remote Code Execution via pmp_rel_path Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is not called on a direct request
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://arfis.wordpress.com/2007/09/14/rfi-02-phpmyprofiler/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38579
Scores
EPSS
0.0122
EPSS Percentile
64.9%
Details
CWE
CWE-94
Status
published
Products (1)
phpmyprofiler/phpmyprofiler
0.9.6b
Published
Sep 26, 2007
Tracked Since
Feb 18, 2026