CVE

CVE-2007-1787

Date: (C)2007-03-31   (M)2023-12-22

Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

http://www.securityfocus.com/archive/1/464281/100/0/threaded

BID-23203

SECUNIA-24729

OSVDB-34626

EXPLOIT-DB-3600

ADV-2007-1193

http://advisories.echo.or.id/adv/adv80-K-159-2007.txt

softerra-timesheetclass-file-include(33327)