CVE-2007-2941

critical

Description

Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.

References

https://www.exploit-db.com/exploits/3990

https://exchange.xforce.ibmcloud.com/vulnerabilities/34531

http://www.securityfocus.com/bid/24169

http://osvdb.org/38085

http://osvdb.org/38084

Details

Source: Mitre, NVD

Published: 2007-05-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04174