CVE-2007-2762

critical

Description

Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or (2) the sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/.

References

https://www.exploit-db.com/exploits/3947

https://exchange.xforce.ibmcloud.com/vulnerabilities/34362

http://www.securityfocus.com/bid/24045

http://osvdb.org/37955

http://osvdb.org/37954

http://osvdb.org/37953

http://osvdb.org/37952

http://osvdb.org/37951

http://osvdb.org/37950

http://osvdb.org/37949

Details

Source: Mitre, NVD

Published: 2007-05-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.06086