製品・ソフトウェアに関する情報

JVN脆弱性詳細

PBSite における PHP リモートファイルインクルージョンの脆弱性

Title	PBSite における PHP リモートファイルインクルージョンの脆弱性
Summary	PBSite には、PHP リモートファイルインクルージョンの脆弱性が存在します。
Possible impacts	第三者により、以下のパラメータ内の URL を介して、任意の PHP コードを実行される可能性があります。 (1) 以下への dbpath パラメータ内の URL (a) useronline.php (b) ucp.php (c) setcookie.php (d) sendpm.php (e) search.php (f) register.php (g) profile.php (h) post.php (i) pmpshow.php (j) pm.php (k) ntopic.php (l) nreply.php (m) news.php (n) memberslist.php (o) logout.php (p) login.php (q) index.php (r) help.php (s) forum.php (t) error.php (u) editpost.php (v) delpost.php (w) delpm.php (x) confirm.php (y) board.php (z) admin2.php (aa) admin.php (bb) templates/pb/css/formstyles.php (2) 以下への temppath パラメータ内の URL (a) useronline.php (c) setcookie.php (e) search.php (f) register.php (h) post.php (l) nreply.php (m) news.php (o) logout.php (p) login.php (q) index.php (r) help.php (s) forum.php (t) error.php (w) delpm.php (x) confirm.php (y) board.php.
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 6, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

Affected System

pbsite

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3085	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3085
National Vulnerability Database (NVD)
2	CVE-2007-3085	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3085

ベンダー情報

No	Name	URL
pbsite
1	PBSite	http://sourceforge.net/projects/pbsite/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-3085

Summary	Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.
Publication Date	June 6, 2007, 7:30 p.m.
Registration Date	Jan. 29, 2021, 2:14 p.m.
Last Update	Oct. 17, 2018, 1:47 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:pbsite:pbsite::::::::

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/38759	OSVDB
2	http://osvdb.org/38760	OSVDB
3	http://osvdb.org/38761	OSVDB
4	http://osvdb.org/38762	OSVDB
5	http://osvdb.org/38763	OSVDB
6	http://osvdb.org/38764	OSVDB
7	http://osvdb.org/38765	OSVDB
8	http://osvdb.org/38766	OSVDB
9	http://osvdb.org/38767	OSVDB
10	http://osvdb.org/38768	OSVDB
11	http://osvdb.org/38769	OSVDB
12	http://osvdb.org/38770	OSVDB
13	http://osvdb.org/38771	OSVDB
14	http://osvdb.org/38772	OSVDB
15	http://osvdb.org/38773	OSVDB
16	http://osvdb.org/38774	OSVDB
17	http://osvdb.org/38775	OSVDB
18	http://osvdb.org/38776	OSVDB
19	http://osvdb.org/38777	OSVDB
20	http://osvdb.org/38778	OSVDB
21	http://osvdb.org/38779	OSVDB
22	http://osvdb.org/38780	OSVDB
23	http://osvdb.org/38781	OSVDB
24	http://osvdb.org/38782	OSVDB
25	http://osvdb.org/38783	OSVDB
26	http://osvdb.org/38784	OSVDB
27	http://osvdb.org/38785	OSVDB
28	http://osvdb.org/38786	OSVDB
29	http://securityreason.com/securityalert/2777	SREASON
30	http://www.securityfocus.com/archive/1/470239/100/0/threaded	BUGTRAQ
31	http://www.securityfocus.com/archive/1/470347/100/0/threaded	BUGTRAQ
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/34675	XF

Common Vulnerabilities List