{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2007-1790", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php. (5) login.inc.php, (6) request.inc.php, and (7) categories.inc.php in include/core/; (8) save.inc.php, (9) preview.inc.php, (10) edit_item.inc.php, (11) new_item.inc.php, and (12) item_info.inc.php in include/display/item/; (13) search.inc.php, (14) item_edit.inc.php, (15) register_succsess.inc.php, (16) context_menu.inc.php, (17) item_repost.inc.php, (18) balance.inc.php, (19) featured.inc.php, (20) user.inc.php, (21) buynow.inc.php, (22) install_complete.inc.php, (23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php, (29) add_bid.inc.php, (30) items_filter.inc.php, (31) my_info.inc.php, (32) register.inc.php, (33) leave_feedback.inc.php, and (34) user_auctions.inc.php in include/display/; and (35) design/form.inc.php, (36) processor.inc.php, (37) interfaces.inc.php (38) left_menu.inc.php, (39) login.inc.php, and (40) categories.inc.php in include/." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "3607", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/3607" }, { "name" : "23211", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/23211" }, { "name" : "ADV-2007-1180", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2007/1180" }, { "name" : "34557", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34557" }, { "name" : "34558", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34558" }, { "name" : "34559", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34559" }, { "name" : "34561", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34561" }, { "name" : "34571", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34571" }, { "name" : "34572", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34572" }, { "name" : "34573", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34573" }, { "name" : "34574", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34574" }, { "name" : "34575", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34575" }, { "name" : "34576", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34576" }, { "name" : "34579", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34579" }, { "name" : "34580", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34580" }, { "name" : "34581", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34581" }, { "name" : "34582", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34582" }, { "name" : "34545", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34545" }, { "name" : "34546", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34546" }, { "name" : "34547", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34547" }, { "name" : "34548", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34548" }, { "name" : "34549", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34549" }, { "name" : "34550", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34550" }, { "name" : "34551", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34551" }, { "name" : "34552", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34552" }, { "name" : "34553", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34553" }, { "name" : "34554", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34554" }, { "name" : "34555", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34555" }, { "name" : "34556", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34556" }, { "name" : "34560", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34560" }, { "name" : "34562", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34562" }, { "name" : "34563", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34563" }, { "name" : "34564", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34564" }, { "name" : "34565", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34565" }, { "name" : "34566", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34566" }, { "name" : "34567", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34567" }, { "name" : "34568", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34568" }, { "name" : "34569", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34569" }, { "name" : "34570", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34570" }, { "name" : "34577", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34577" }, { "name" : "34578", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34578" }, { "name" : "34583", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34583" }, { "name" : "34584", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/34584" }, { "name" : "24696", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/24696" }, { "name" : "kaqoo-installroot-file-include(33335)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33335" } ] } }