CVE-2007-5216
e-ark 1.0 - Remote Code Execution via vcard_inc.php or email_inc.php Parameter Injection
Title source: llmDescription
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://arfis.wordpress.com/2007/09/13/rfi-02-eark/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38553
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38554
Scores
EPSS
0.0134
EPSS Percentile
67.8%
Details
CWE
CWE-94
Status
published
Products (1)
e-ark/e-ark
1.0
Published
Oct 04, 2007
Tracked Since
Feb 18, 2026