CVE-2007-5096

Properties

Published:
25.09.2007
Updated:
28.09.2007
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
guanxiCRM: guanxiCRM Business Solution

Vulnerability description

PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter.

References:

http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/:http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/