{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1790", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php. (5) login.inc.php, (6) request.inc.php, and (7) categories.inc.php in include/core/; (8) save.inc.php, (9) preview.inc.php, (10) edit_item.inc.php, (11) new_item.inc.php, and (12) item_info.inc.php in include/display/item/; (13) search.inc.php, (14) item_edit.inc.php, (15) register_succsess.inc.php, (16) context_menu.inc.php, (17) item_repost.inc.php, (18) balance.inc.php, (19) featured.inc.php, (20) user.inc.php, (21) buynow.inc.php, (22) install_complete.inc.php, (23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php, (29) add_bid.inc.php, (30) items_filter.inc.php, (31) my_info.inc.php, (32) register.inc.php, (33) leave_feedback.inc.php, and (34) user_auctions.inc.php in include/display/; and (35) design/form.inc.php, (36) processor.inc.php, (37) interfaces.inc.php (38) left_menu.inc.php, (39) login.inc.php, and (40) categories.inc.php in include/." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34582", "refsource": "OSVDB", "url": "http://www.osvdb.org/34582" }, { "name": "ADV-2007-1180", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1180" }, { "name": "34551", "refsource": "OSVDB", "url": "http://www.osvdb.org/34551" }, { "name": "34548", "refsource": "OSVDB", "url": "http://www.osvdb.org/34548" }, { "name": "34558", "refsource": "OSVDB", "url": "http://www.osvdb.org/34558" }, { "name": "34572", "refsource": "OSVDB", "url": "http://www.osvdb.org/34572" }, { "name": "34578", "refsource": "OSVDB", "url": "http://www.osvdb.org/34578" }, { "name": "34553", "refsource": "OSVDB", "url": "http://www.osvdb.org/34553" }, { "name": "34573", "refsource": "OSVDB", "url": "http://www.osvdb.org/34573" }, { "name": "34584", "refsource": "OSVDB", "url": "http://www.osvdb.org/34584" }, { "name": "34564", "refsource": "OSVDB", "url": "http://www.osvdb.org/34564" }, { "name": "3607", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3607" }, { "name": "34556", "refsource": "OSVDB", "url": "http://www.osvdb.org/34556" }, { "name": "34575", "refsource": "OSVDB", "url": "http://www.osvdb.org/34575" }, { "name": "34568", "refsource": "OSVDB", "url": "http://www.osvdb.org/34568" }, { "name": "34554", "refsource": "OSVDB", "url": "http://www.osvdb.org/34554" }, { "name": "34563", "refsource": "OSVDB", "url": "http://www.osvdb.org/34563" }, { "name": "34571", "refsource": "OSVDB", "url": "http://www.osvdb.org/34571" }, { "name": "34570", "refsource": "OSVDB", "url": "http://www.osvdb.org/34570" }, { "name": "34560", "refsource": "OSVDB", "url": "http://www.osvdb.org/34560" }, { "name": "34557", "refsource": "OSVDB", "url": "http://www.osvdb.org/34557" }, { "name": "34583", "refsource": "OSVDB", "url": "http://www.osvdb.org/34583" }, { "name": "34547", "refsource": "OSVDB", "url": "http://www.osvdb.org/34547" }, { "name": "34552", "refsource": "OSVDB", "url": "http://www.osvdb.org/34552" }, { "name": "34545", "refsource": "OSVDB", "url": "http://www.osvdb.org/34545" }, { "name": "34561", "refsource": "OSVDB", "url": "http://www.osvdb.org/34561" }, { "name": "34581", "refsource": "OSVDB", "url": "http://www.osvdb.org/34581" }, { "name": "34580", "refsource": "OSVDB", "url": "http://www.osvdb.org/34580" }, { "name": "34567", "refsource": "OSVDB", "url": "http://www.osvdb.org/34567" }, { "name": "kaqoo-installroot-file-include(33335)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33335" }, { "name": "34579", "refsource": "OSVDB", "url": "http://www.osvdb.org/34579" }, { "name": "34569", "refsource": "OSVDB", "url": "http://www.osvdb.org/34569" }, { "name": "34559", "refsource": "OSVDB", "url": "http://www.osvdb.org/34559" }, { "name": "34576", "refsource": "OSVDB", "url": "http://www.osvdb.org/34576" }, { "name": "34550", "refsource": "OSVDB", "url": "http://www.osvdb.org/34550" }, { "name": "34577", "refsource": "OSVDB", "url": "http://www.osvdb.org/34577" }, { "name": "24696", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24696" }, { "name": "34549", "refsource": "OSVDB", "url": "http://www.osvdb.org/34549" }, { "name": "34566", "refsource": "OSVDB", "url": "http://www.osvdb.org/34566" }, { "name": "34574", "refsource": "OSVDB", "url": "http://www.osvdb.org/34574" }, { "name": "34562", "refsource": "OSVDB", "url": "http://www.osvdb.org/34562" }, { "name": "23211", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23211" }, { "name": "34565", "refsource": "OSVDB", "url": "http://www.osvdb.org/34565" }, { "name": "34555", "refsource": "OSVDB", "url": "http://www.osvdb.org/34555" }, { "name": "34546", "refsource": "OSVDB", "url": "http://www.osvdb.org/34546" } ] } }